qakbot | d7ebf4872795a274ac86598fd2cbcad77b8cf9ddf81b854d7b480901f7f3b236 | Triage

Sharing

General

Target

second_stage3.bin
Size

665KB
Sample

211221-125tdaeff7
MD5

f92528a71e6f367c39195d12bc9d30c4
SHA1

1d5795de9f36d216d842c79af28d7f8d245f733e
SHA256

d7ebf4872795a274ac86598fd2cbcad77b8cf9ddf81b854d7b480901f7f3b236
SHA512

f9f61831c5d3126af97ea708b4729254412705792625755348e3286f5b60f6ee6ddc2fdc518ab543afef1067b728fa26e3614daf5b86a18ec450c3eeed36cf7a

Score

10^/10

qakbot cullinan 1640084934 banker evasion stealer trojan

Malware Config

Extracted

Family

qakbot

Version

403.10

Botnet

cullinan

Campaign

1640084934

C2

95.5.133.68:995

188.159.122.122:443

140.82.49.12:443

32.221.229.7:443

24.152.219.253:995

31.35.28.29:443

96.37.113.36:993

109.12.111.14:443

14.96.72.249:61202

93.48.80.198:995

45.9.20.200:2211

24.95.61.62:443

79.167.192.206:995

37.210.226.125:61202

103.139.242.30:995

70.163.1.219:443

114.79.148.170:443

63.153.187.104:443

103.143.8.71:6881

24.53.49.240:443

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  second_stage3.bin
- Size
  
  665KB
- MD5
  
  f92528a71e6f367c39195d12bc9d30c4
- SHA1
  
  1d5795de9f36d216d842c79af28d7f8d245f733e
- SHA256
  
  d7ebf4872795a274ac86598fd2cbcad77b8cf9ddf81b854d7b480901f7f3b236
- SHA512
  
  f9f61831c5d3126af97ea708b4729254412705792625755348e3286f5b60f6ee6ddc2fdc518ab543afef1067b728fa26e3614daf5b86a18ec450c3eeed36cf7a
Score

10^/10

qakbot cullinan 1640084934 banker evasion stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Windows security bypass
  evasion trojan
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

qakbotcullinan1640084934bankerevasionstealertrojan

behavioral2

qakbotcullinan1640084934bankerevasionstealertrojan