qakbot | d4ab52a776afb0114dc478be94c7f85ba342a3634884c7d8c71081d11d3a70b0 | Triage

Sharing

General

Target

d4ab52a776afb0114dc478be94c7f85ba342a3634884c7d8c71081d11d3a70b0
Size

512KB
Sample

211219-jvz6waghcl
MD5

1a0c333053b2e8ee809e48ed8ff67be3
SHA1

a547b3002ce848d130af2129843c29c9585fc0f8
SHA256

d4ab52a776afb0114dc478be94c7f85ba342a3634884c7d8c71081d11d3a70b0
SHA512

618c0398edda1cdaa87de6a915412ddb7c260532de1ccf6ff34b0b4f95c57b7b925e894c4c8e44ed1851df7343a0bf6bbd47aa73a8248a681abb1e05c2effddd

Score

10^/10

qakbot cullinan 1639742517 banker evasion stealer trojan

Malware Config

Extracted

Family

qakbot

Version

403.10

Botnet

cullinan

Campaign

1639742517

C2

50.238.6.36:443

92.167.4.71:2222

89.137.52.44:443

105.198.236.99:995

117.248.109.38:21

106.51.48.170:50001

120.150.218.241:995

190.73.3.148:2222

182.56.53.180:443

186.64.87.213:443

103.142.10.177:443

65.100.174.110:443

96.21.251.127:2222

24.95.61.62:443

194.36.28.26:443

182.191.92.203:995

41.228.22.180:443

63.143.92.99:995

41.200.112.42:443

103.143.8.71:995

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  d4ab52a776afb0114dc478be94c7f85ba342a3634884c7d8c71081d11d3a70b0
- Size
  
  512KB
- MD5
  
  1a0c333053b2e8ee809e48ed8ff67be3
- SHA1
  
  a547b3002ce848d130af2129843c29c9585fc0f8
- SHA256
  
  d4ab52a776afb0114dc478be94c7f85ba342a3634884c7d8c71081d11d3a70b0
- SHA512
  
  618c0398edda1cdaa87de6a915412ddb7c260532de1ccf6ff34b0b4f95c57b7b925e894c4c8e44ed1851df7343a0bf6bbd47aa73a8248a681abb1e05c2effddd
Score

10^/10

qakbot cullinan 1639742517 banker evasion stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Windows security bypass
  evasion trojan
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

qakbotcullinan1639742517bankerevasionstealertrojan

behavioral2

qakbotcullinan1639742517bankerstealertrojan