qakbot | d67981fa74acc2455b1b6a8372611a035356ecdeb0524cd45eb5da43102d2c34

General

Target

d67981fa74acc2455b1b6a8372611a035356ecdeb0524cd45eb5da43102d2c34
Size

2.3MB
Sample

220205-lenh9aabhr
MD5

1201e9617bb562bad0943f39fb049e55
SHA1

ae95694cca240becf6cac19aabad28d6e1aafe0b
SHA256

d67981fa74acc2455b1b6a8372611a035356ecdeb0524cd45eb5da43102d2c34
SHA512

6d8494eb8fb8622d9a40c751fc92068ff7e7a7274e1751113b1b06a11724eb579558192326f9be7cc4109cc677f50a84c96b1c56e64f0d80e93ee9ae8dc0aade

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

324.127

Botnet

spx97

Campaign

1586971769

C2

72.214.55.147:995

78.96.64.230:443

100.38.123.22:443

47.205.231.60:443

185.145.113.249:443

72.16.212.107:465

94.52.124.226:443

72.255.200.69:2222

73.56.2.167:443

67.249.222.14:443

71.58.21.235:443

79.113.193.29:443

96.35.170.82:2222

76.111.128.194:443

181.126.86.223:443

67.209.195.198:3389

47.146.169.85:443

47.39.76.74:443

67.131.59.17:443

71.11.209.101:443

Targets

- Target
  
  d67981fa74acc2455b1b6a8372611a035356ecdeb0524cd45eb5da43102d2c34
- Size
  
  2.3MB
- MD5
  
  1201e9617bb562bad0943f39fb049e55
- SHA1
  
  ae95694cca240becf6cac19aabad28d6e1aafe0b
- SHA256
  
  d67981fa74acc2455b1b6a8372611a035356ecdeb0524cd45eb5da43102d2c34
- SHA512
  
  6d8494eb8fb8622d9a40c751fc92068ff7e7a7274e1751113b1b06a11724eb579558192326f9be7cc4109cc677f50a84c96b1c56e64f0d80e93ee9ae8dc0aade
Score

10^/10

qakbot spx97 1586971769 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Remote System Discovery

1

T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2