Malware sandboxing report by Hatching Triage

Sharing

Copy URL

Twitter E-mail

General

Size

545KB
Sample

211115-r554waafe6
MD5

53510e20efb161d5b71c4ce2800c1a8d
SHA1

2268178851d0d0debb9ab457d73af8a5e50af168
SHA256

e2bc969424adc97345ac81194d316f58da38621aad3ca7ae27e40a8fae582987
SHA512

27f4f030928581d23212e18cfd0b33376677cef43ad5605e124cd80e2102cd1d559bf205ae1693e5e6567a6bd33d00d0e7209e32d503116d8b1594cb78ae69a3

Score

10^/10

qakbot tr 1633597626 banker evasion stealer trojan

Malware Config

Extracted

Family	qakbot
Version	402.363
Botnet	tr
Campaign	1633597626
C2	120.150.218.241:995 185.250.148.74:443 89.137.52.44:443 66.103.170.104:2222 86.8.177.143:443 216.201.162.158:443 174.54.193.186:443 103.148.120.144:443 188.50.169.158:443 124.123.42.115:2222 140.82.49.12:443 199.27.127.129:443 81.241.252.59:2078 209.142.97.161:995 209.50.20.255:443 73.230.205.91:443 200.232.214.222:995 103.142.10.177:443 2.222.167.138:443 41.228.22.180:443 122.11.220.212:2222 78.191.58.219:995 47.22.148.6:443 74.72.237.54:443 217.17.56.163:465 96.57.188.174:2078 94.200.181.154:443 37.210.152.224:995 201.93.111.2:995 202.134.178.157:443 89.101.97.139:443 73.52.50.32:443 188.55.235.110:995 27.223.92.142:995 181.118.183.94:443 136.232.34.70:443 186.32.163.199:443 72.173.78.211:443 76.25.142.196:443 45.46.53.140:2222 98.157.235.126:443 173.21.10.71:2222 73.151.236.31:443 71.74.12.34:443 75.75.179.226:443 167.248.117.81:443 67.165.206.193:993 47.40.196.233:2222 72.252.201.69:443 181.4.53.6:465 109.12.111.14:443 24.171.50.5:443 24.139.72.117:443 24.55.112.61:443 24.229.150.54:995 77.57.204.78:443 81.250.153.227:2222 49.33.237.65:443 66.177.215.152:50010 177.170.201.134:995 75.188.35.168:443 120.151.47.189:443 173.25.162.221:443 201.6.246.227:995 66.177.215.152:443 217.17.56.163:2222 202.165.32.158:2222 39.52.229.8:995 42.60.70.14:443 73.140.38.124:443 167.248.100.227:443 63.70.164.200:443 69.30.186.190:443 189.131.221.201:443 68.204.7.158:443 181.84.114.46:443 167.248.99.149:443 177.94.21.110:995 50.54.32.149:443 189.224.181.39:443 24.119.214.7:443 63.70.164.200:995 177.94.125.59:995 82.18.173.253:2222 73.130.180.25:443 217.17.56.163:2078 162.244.227.34:443 75.66.88.33:443 206.47.134.234:2222 167.248.54.34:2222 73.77.87.137:443 181.4.53.6:443 190.198.206.189:2222 167.248.111.245:443 96.46.103.226:443 73.25.124.140:2222 24.152.219.253:995 68.186.192.69:443 162.210.220.137:443 174.54.58.170:443 103.246.130.114:1194 103.246.130.35:21 103.246.130.2:20 103.246.130.122:20 105.198.236.99:443 103.157.122.198:995 4.34.193.180:995 159.2.51.200:2222 110.174.64.179:995 187.101.25.96:32100 76.84.230.103:443 174.59.35.191:443 173.63.245.129:443 68.117.229.117:443 75.163.81.130:995 76.84.32.159:443 147.92.51.49:443 76.84.226.17:443 68.13.157.69:443 167.248.126.223:443 72.196.22.184:443 98.22.92.139:995 97.98.130.50:443 196.117.224.53:995 191.191.38.8:443 188.210.210.122:443 96.46.103.109:2222 37.117.191.19:2222 197.90.137.161:61201 24.32.174.175:443 76.84.225.21:443 78.145.153.73:995 69.30.190.105:995 167.248.81.60:443 69.80.113.148:443 217.17.56.163:443 62.23.194.38:443 62.23.194.41:995 189.210.115.207:443 174.59.226.6:443 73.130.237.36:443 69.253.197.100:443 174.59.242.9:443 120.150.218.241:995 185.250.148.74:443 89.137.52.44:443 66.103.170.104:2222 86.8.177.143:443 216.201.162.158:443 174.54.193.186:443 103.148.120.144:443 188.50.169.158:443 124.123.42.115:2222 140.82.49.12:443 199.27.127.129:443 81.241.252.59:2078 209.142.97.161:995 209.50.20.255:443 73.230.205.91:443 200.232.214.222:995 103.142.10.177:443 2.222.167.138:443 41.228.22.180:443 122.11.220.212:2222 78.191.58.219:995 47.22.148.6:443 74.72.237.54:443 217.17.56.163:465 96.57.188.174:2078 94.200.181.154:443 37.210.152.224:995 201.93.111.2:995 202.134.178.157:443 89.101.97.139:443 73.52.50.32:443 188.55.235.110:995 27.223.92.142:995 181.118.183.94:443 136.232.34.70:443 186.32.163.199:443 72.173.78.211:443 76.25.142.196:443 45.46.53.140:2222 98.157.235.126:443 173.21.10.71:2222 73.151.236.31:443 71.74.12.34:443 75.75.179.226:443 167.248.117.81:443 67.165.206.193:993 47.40.196.233:2222 72.252.201.69:443 181.4.53.6:465 109.12.111.14:443 24.171.50.5:443 24.139.72.117:443 24.55.112.61:443 24.229.150.54:995 77.57.204.78:443 81.250.153.227:2222 49.33.237.65:443 66.177.215.152:50010 177.170.201.134:995 75.188.35.168:443 120.151.47.189:443 173.25.162.221:443 201.6.246.227:995 66.177.215.152:443 217.17.56.163:2222 202.165.32.158:2222 39.52.229.8:995 42.60.70.14:443 73.140.38.124:443 167.248.100.227:443 63.70.164.200:443 69.30.186.190:443 189.131.221.201:443 68.204.7.158:443 181.84.114.46:443 167.248.99.149:443 177.94.21.110:995 50.54.32.149:443 189.224.181.39:443 24.119.214.7:443 63.70.164.200:995 177.94.125.59:995 82.18.173.253:2222 73.130.180.25:443 217.17.56.163:2078 162.244.227.34:443 75.66.88.33:443 206.47.134.234:2222 167.248.54.34:2222 73.77.87.137:443 181.4.53.6:443 190.198.206.189:2222 167.248.111.245:443 96.46.103.226:443 73.25.124.140:2222 24.152.219.253:995 68.186.192.69:443 162.210.220.137:443 174.54.58.170:443 103.246.130.114:1194 103.246.130.35:21 103.246.130.2:20 103.246.130.122:20 105.198.236.99:443 103.157.122.198:995 4.34.193.180:995 159.2.51.200:2222 110.174.64.179:995 187.101.25.96:32100 76.84.230.103:443 174.59.35.191:443 173.63.245.129:443 68.117.229.117:443 75.163.81.130:995 76.84.32.159:443 147.92.51.49:443 76.84.226.17:443 68.13.157.69:443 167.248.126.223:443 72.196.22.184:443 98.22.92.139:995 97.98.130.50:443 196.117.224.53:995 191.191.38.8:443 188.210.210.122:443 96.46.103.109:2222 37.117.191.19:2222 197.90.137.161:61201 24.32.174.175:443 76.84.225.21:443 78.145.153.73:995 69.30.190.105:995 167.248.81.60:443 69.80.113.148:443 217.17.56.163:443 62.23.194.38:443 62.23.194.41:995 189.210.115.207:443 174.59.226.6:443 73.130.237.36:443 69.253.197.100:443 174.59.242.9:443
Attributes	salt jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  e2bc969424adc97345ac81194d316f58da38621aad3ca7ae27e40a8fae582987
- Size
  
  545KB
- MD5
  
  53510e20efb161d5b71c4ce2800c1a8d
- SHA1
  
  2268178851d0d0debb9ab457d73af8a5e50af168
- SHA256
  
  e2bc969424adc97345ac81194d316f58da38621aad3ca7ae27e40a8fae582987
- SHA512
  
  27f4f030928581d23212e18cfd0b33376677cef43ad5605e124cd80e2102cd1d559bf205ae1693e5e6567a6bd33d00d0e7209e32d503116d8b1594cb78ae69a3
Score

10^/10

qakbot tr 1633597626 banker evasion stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Windows security bypass
  evasion trojan
- Loads dropped DLL
behavioral1 behavioral2

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Scheduled Task

Privilege Escalation

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Windows security bypass

Loads dropped DLL

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2