qakbot | ff37a6c3a4b5fbf3a25504f2ff6ffa37e1c4c26b606db769d0e09fb7ac041a6c

General

Target

ff37a6c3a4b5fbf3a25504f2ff6ffa37e1c4c26b606db769d0e09fb7ac041a6c
Size

2.2MB
Sample

220205-h7lzcahag2
MD5

e4c2bff686969ea9d59d708c90b9f2c6
SHA1

d3a95ed1c15b5cd13ddaa99a4ccefac61f8296e2
SHA256

ff37a6c3a4b5fbf3a25504f2ff6ffa37e1c4c26b606db769d0e09fb7ac041a6c
SHA512

4d7dce524737e318ddea1d35a32705960095d994a16a480dba34dc6ea69b36cf7caa374f3beb350fc203582821d1db66f528e6bd5b47565af2cbd3ac1e583c3e

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

324.127

Botnet

spx99

Campaign

1587123128

C2

66.208.105.6:443

83.25.7.201:2222

68.134.181.98:443

108.190.151.108:2222

81.102.127.116:443

93.118.221.204:443

72.183.129.56:443

72.29.181.77:2222

96.35.170.82:2222

50.104.67.101:443

5.182.39.156:443

68.224.192.39:443

50.244.112.106:443

47.205.231.60:443

67.209.195.198:3389

47.146.169.85:443

86.124.13.55:443

108.30.161.143:443

75.87.161.32:995

67.131.59.17:443

Targets

- Target
  
  ff37a6c3a4b5fbf3a25504f2ff6ffa37e1c4c26b606db769d0e09fb7ac041a6c
- Size
  
  2.2MB
- MD5
  
  e4c2bff686969ea9d59d708c90b9f2c6
- SHA1
  
  d3a95ed1c15b5cd13ddaa99a4ccefac61f8296e2
- SHA256
  
  ff37a6c3a4b5fbf3a25504f2ff6ffa37e1c4c26b606db769d0e09fb7ac041a6c
- SHA512
  
  4d7dce524737e318ddea1d35a32705960095d994a16a480dba34dc6ea69b36cf7caa374f3beb350fc203582821d1db66f528e6bd5b47565af2cbd3ac1e583c3e
Score

10^/10

qakbot spx99 1587123128 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Remote System Discovery

1

T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2