qakbot | 4a59695c3c4af42c92808e4caf4160b9aa76ba84d8a917d05e9d4a06b0fc4f3f | Triage

Resubmissions

09-02-2022 14:19

220209-rna76safhq 10

08-02-2022 07:08

220208-hyfe7segb2 10

08-02-2022 06:34

220208-hb21paefa3 10

01-02-2022 11:44

220201-nv5htaecc6 10

31-01-2022 20:44

220131-zh6qwsccf2 10

31-01-2022 19:46

220131-yg4pgabbdp 10

31-01-2022 18:02

220131-wmjv5safgm 10

Sharing

General

Target

111.dat
Size

1.8MB
Sample

220131-yg4pgabbdp
MD5

d12984d1fd1dcf63026ed1e6ebfe528a
SHA1

853a8d074df6e31219a8aff36843b9c4c06fce85
SHA256

4a59695c3c4af42c92808e4caf4160b9aa76ba84d8a917d05e9d4a06b0fc4f3f
SHA512

370a0530c2553046a5664152e939ff6a55e77e2b6646d29edde4e44072da271cdc4b13ec8066cb6af2d8b2ad0c737adb36c817d969038716b0adfb5620e44f46

Score

10^/10

qakbot bhs02 1643626574 banker evasion stealer trojan

Malware Config

Extracted

Family

qakbot

Version

403.10

Botnet

bhs02

Campaign

1643626574

C2

37.186.54.18:995

182.191.92.203:995

67.209.195.198:443

186.64.87.224:443

31.167.160.170:443

96.246.158.154:995

86.98.47.119:61200

75.156.151.34:443

45.9.20.200:443

76.23.237.163:995

78.96.235.245:443

102.65.38.67:443

89.211.184.52:2222

193.251.59.245:2222

94.60.254.81:443

24.222.20.254:443

114.79.148.170:443

94.59.253.222:2222

129.208.150.26:995

103.139.242.30:990

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  111.dat
- Size
  
  1.8MB
- MD5
  
  d12984d1fd1dcf63026ed1e6ebfe528a
- SHA1
  
  853a8d074df6e31219a8aff36843b9c4c06fce85
- SHA256
  
  4a59695c3c4af42c92808e4caf4160b9aa76ba84d8a917d05e9d4a06b0fc4f3f
- SHA512
  
  370a0530c2553046a5664152e939ff6a55e77e2b6646d29edde4e44072da271cdc4b13ec8066cb6af2d8b2ad0c737adb36c817d969038716b0adfb5620e44f46
Score

10^/10

qakbot bhs02 1643626574 banker evasion stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Windows security bypass
  evasion trojan
- Loads dropped DLL
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

qakbotbhs021643626574bankerevasionstealertrojan