qakbot | f100cf6f88a1af42e3c6017e4bb70414214f81116504632f09686dc9188bca97

General

Target

f100cf6f88a1af42e3c6017e4bb70414214f81116504632f09686dc9188bca97
Size

1.8MB
Sample

220201-c54tgsfeam
MD5

de239afa083596420464973981e69eb6
SHA1

e5865c2c8ad8bb012c349164bc43fb4326dc3782
SHA256

f100cf6f88a1af42e3c6017e4bb70414214f81116504632f09686dc9188bca97
SHA512

0fb56721c9f9eae17902e46b37fb4e583db03f9c4a0d103c418803887ab642c63e022777035a2a255ff57d6fb1e441f6d90a5b3675b68a2c4dd8d92a8daaf260

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

324.70

Botnet

spx84

Campaign

1585124895

C2

99.228.5.106:995

71.241.247.189:443

173.245.152.231:443

79.113.219.121:443

24.44.180.236:2222

80.11.10.151:990

78.96.148.177:443

75.137.60.81:443

68.46.142.48:995

24.32.119.146:443

35.143.248.234:443

35.142.24.147:2222

71.68.197.202:995

96.57.237.162:443

74.138.18.247:443

174.110.39.220:443

62.231.93.154:443

70.164.39.91:443

74.194.4.181:443

67.190.189.217:443

Targets

- Target
  
  f100cf6f88a1af42e3c6017e4bb70414214f81116504632f09686dc9188bca97
- Size
  
  1.8MB
- MD5
  
  de239afa083596420464973981e69eb6
- SHA1
  
  e5865c2c8ad8bb012c349164bc43fb4326dc3782
- SHA256
  
  f100cf6f88a1af42e3c6017e4bb70414214f81116504632f09686dc9188bca97
- SHA512
  
  0fb56721c9f9eae17902e46b37fb4e583db03f9c4a0d103c418803887ab642c63e022777035a2a255ff57d6fb1e441f6d90a5b3675b68a2c4dd8d92a8daaf260
Score

10^/10

qakbot spx84 1585124895 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Remote System Discovery

1

T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2