qakbot | 236f9f37dc2604ed8d3faee0b07fc6bb8f4dde68ed89a137023f641ad6076ca4 | Triage

Sharing

General

Target

236f9f37dc2604ed8d3faee0b07fc6bb8f4dde68ed89a137023f641ad6076ca4
Size

196KB
Sample

211105-mm661abdc3
MD5

1d4952cbe998312fd2bf810535db8a20
SHA1

9667cbfa70ed5f116212be862d8301935c278ceb
SHA256

236f9f37dc2604ed8d3faee0b07fc6bb8f4dde68ed89a137023f641ad6076ca4
SHA512

582ab995fe6b6d1f6bc9ddb95a80c01c776f7d21e7d8e381795172b76ce6500dc2e8847a87cdcc3d35d916d19bdb122e237c75e9425643458d6881a0d24deff2

Score

10^/10

qakbot notset 1635958698 banker evasion stealer trojan

Malware Config

Extracted

Family

qakbot

Version

403.1

Botnet

notset

Campaign

1635958698

C2

89.137.52.44:443

94.60.254.81:443

189.146.41.71:443

93.147.212.206:443

71.13.93.154:2222

136.143.11.232:443

100.1.119.41:443

189.223.33.109:443

45.46.53.140:2222

86.97.8.204:443

71.13.93.154:6881

111.250.29.138:443

181.118.183.27:443

71.13.93.154:2083

24.139.72.117:443

24.229.150.54:995

24.55.112.61:443

76.25.142.196:443

72.27.126.188:995

207.246.112.221:995

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  236f9f37dc2604ed8d3faee0b07fc6bb8f4dde68ed89a137023f641ad6076ca4
- Size
  
  196KB
- MD5
  
  1d4952cbe998312fd2bf810535db8a20
- SHA1
  
  9667cbfa70ed5f116212be862d8301935c278ceb
- SHA256
  
  236f9f37dc2604ed8d3faee0b07fc6bb8f4dde68ed89a137023f641ad6076ca4
- SHA512
  
  582ab995fe6b6d1f6bc9ddb95a80c01c776f7d21e7d8e381795172b76ce6500dc2e8847a87cdcc3d35d916d19bdb122e237c75e9425643458d6881a0d24deff2
Score

10^/10

qakbot notset 1635958698 banker evasion stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Windows security bypass
  evasion trojan
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

notset1635958698qakbot

behavioral1

qakbotnotset1635958698bankerevasionstealertrojan

behavioral2

qakbotnotset1635958698bankerstealertrojan