qakbot | bef46e00b74c84f8c4e22ec59705da188ac9b417f57f98239e0befa44700a7ad | Triage

Sharing

General

Target

bef46e00b74c84f8c4e22ec59705da188ac9b417f57f98239e0befa44700a7ad
Size

959KB
Sample

211214-tfn56shabp
MD5

e5ef2b91bcdb8037bb2465c84c28248b
SHA1

adaad69a8641a607d7fc77c7cd11d6981c8afde0
SHA256

bef46e00b74c84f8c4e22ec59705da188ac9b417f57f98239e0befa44700a7ad
SHA512

66c38499678ca3e21b4dfe9e91934357b3c85c542a1774ee98411660f64d7aa05d718c3095e33280275df631833dd0607ee3a40cd06b8abb754d97132bb7700c

Score

10^/10

qakbot cullinan 1639333530 banker evasion stealer trojan

Malware Config

Extracted

Family

qakbot

Version

403.10

Botnet

cullinan

Campaign

1639333530

C2

65.100.174.110:443

173.21.10.71:2222

140.82.49.12:443

190.73.3.148:2222

76.25.142.196:443

71.74.12.34:443

31.215.98.160:443

93.48.80.198:995

45.9.20.200:2211

41.228.22.180:443

109.12.111.14:443

63.143.92.99:995

120.150.218.241:995

94.60.254.81:443

86.148.6.51:443

218.101.110.3:995

216.238.71.31:443

207.246.112.221:443

216.238.72.121:443

216.238.71.31:995

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  bef46e00b74c84f8c4e22ec59705da188ac9b417f57f98239e0befa44700a7ad
- Size
  
  959KB
- MD5
  
  e5ef2b91bcdb8037bb2465c84c28248b
- SHA1
  
  adaad69a8641a607d7fc77c7cd11d6981c8afde0
- SHA256
  
  bef46e00b74c84f8c4e22ec59705da188ac9b417f57f98239e0befa44700a7ad
- SHA512
  
  66c38499678ca3e21b4dfe9e91934357b3c85c542a1774ee98411660f64d7aa05d718c3095e33280275df631833dd0607ee3a40cd06b8abb754d97132bb7700c
Score

10^/10

qakbot cullinan 1639333530 banker evasion stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Windows security bypass
  evasion trojan
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

qakbotcullinan1639333530bankerevasionstealertrojan

behavioral2

qakbotcullinan1639333530bankerevasionstealertrojan