qakbot | e1c376bbaff5ae7ef4966f76681d2da4622d5ec13b9c17d09b72dfb4f3b797e2

General

Target

e1c376bbaff5ae7ef4966f76681d2da4622d5ec13b9c17d09b72dfb4f3b797e2
Size

2.3MB
Sample

220205-kwb14shhhl
MD5

871642898eb8781d714a951651b2701b
SHA1

9a32185dfbf88622305af25fa52541fd067c1a2a
SHA256

e1c376bbaff5ae7ef4966f76681d2da4622d5ec13b9c17d09b72dfb4f3b797e2
SHA512

e3125aa592dec1857a91b137a0d375d3886b71e2f3758f2cf61fe71d32f9e6dee459557a9a9557fe7c6107ecf15d418d96704d739f8660f1a2aef30b762e5d80

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

324.127

Botnet

spx98

Campaign

1587042061

C2

24.37.178.158:990

24.110.96.149:443

68.1.171.93:443

24.210.45.215:443

77.159.149.74:443

72.190.101.70:443

71.187.170.235:443

24.110.14.40:443

46.102.52.24:443

96.234.20.230:443

184.57.17.74:443

47.153.115.154:993

72.142.106.198:995

12.5.37.3:443

168.103.52.51:995

216.163.4.91:443

100.4.185.8:443

72.172.49.164:443

5.2.149.216:443

47.202.98.230:443

Targets

- Target
  
  e1c376bbaff5ae7ef4966f76681d2da4622d5ec13b9c17d09b72dfb4f3b797e2
- Size
  
  2.3MB
- MD5
  
  871642898eb8781d714a951651b2701b
- SHA1
  
  9a32185dfbf88622305af25fa52541fd067c1a2a
- SHA256
  
  e1c376bbaff5ae7ef4966f76681d2da4622d5ec13b9c17d09b72dfb4f3b797e2
- SHA512
  
  e3125aa592dec1857a91b137a0d375d3886b71e2f3758f2cf61fe71d32f9e6dee459557a9a9557fe7c6107ecf15d418d96704d739f8660f1a2aef30b762e5d80
Score

10^/10

qakbot spx98 1587042061 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Remote System Discovery

1

T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2