qakbot | d95f4ac839d1bfe15bef97a921d31b9f1eaa845b26c82ef9b9ab1e16ffde994e

General

Target

d95f4ac839d1bfe15bef97a921d31b9f1eaa845b26c82ef9b9ab1e16ffde994e
Size

1.8MB
Sample

220201-d6p76agahq
MD5

326efc979dda0a4233d37d51a7a2398f
SHA1

106d1591a618647b56a7461bb8fe987f282ad862
SHA256

d95f4ac839d1bfe15bef97a921d31b9f1eaa845b26c82ef9b9ab1e16ffde994e
SHA512

887fb12d141413685756ef012bbc5b8211e2fc2deb7e436f0d75cdc6e818336f6f166e11adb3283ae52578f36b6e7623d982da1ea32dba3b355d5c8049052c43

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

324.70

Botnet

spx85

Campaign

1585211304

C2

174.82.131.155:995

173.172.205.216:443

71.233.73.222:995

208.126.142.17:443

68.14.210.246:22

96.57.237.162:443

74.138.18.247:443

47.40.244.237:443

71.213.61.215:995

216.201.162.158:443

72.38.44.119:995

47.41.3.57:443

67.250.184.157:443

47.153.115.154:443

173.79.220.156:443

108.27.217.44:443

75.81.25.223:995

67.209.195.198:3389

65.30.12.240:443

66.222.88.126:995

Targets

- Target
  
  d95f4ac839d1bfe15bef97a921d31b9f1eaa845b26c82ef9b9ab1e16ffde994e
- Size
  
  1.8MB
- MD5
  
  326efc979dda0a4233d37d51a7a2398f
- SHA1
  
  106d1591a618647b56a7461bb8fe987f282ad862
- SHA256
  
  d95f4ac839d1bfe15bef97a921d31b9f1eaa845b26c82ef9b9ab1e16ffde994e
- SHA512
  
  887fb12d141413685756ef012bbc5b8211e2fc2deb7e436f0d75cdc6e818336f6f166e11adb3283ae52578f36b6e7623d982da1ea32dba3b355d5c8049052c43
Score

10^/10

qakbot spx85 1585211304 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Remote System Discovery

1

T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2