qakbot | c0157e0dccbf0ff1007c733d6fb6c5942dd3182b524e68a068fdff2f4e05eaa3

General

Target

c0157e0dccbf0ff1007c733d6fb6c5942dd3182b524e68a068fdff2f4e05eaa3
Size

2.1MB
Sample

220205-mn7txsaffp
MD5

2cfc51a33dd53cd00b7f82dd2b056e53
SHA1

b24f0bb2fe16f5c866f6a81cdd71ce0d9ede939f
SHA256

c0157e0dccbf0ff1007c733d6fb6c5942dd3182b524e68a068fdff2f4e05eaa3
SHA512

ecc92c5098c1900d571b1944a0f4eae7d017e456fa149fd441ddaf56ba5bcebb5e5ab9bb20746441713c6d9cfafd9cafa0b5f764fc80893eec27bcf57eb02a2e

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

324.75

Botnet

spx91

Campaign

1586277222

C2

76.180.69.236:443

216.16.178.115:443

75.183.171.155:3389

72.80.137.215:443

100.33.132.135:443

70.62.160.186:6883

68.41.60.225:443

100.40.48.96:443

47.41.3.40:443

98.164.253.75:443

78.96.148.177:443

73.192.209.168:443

64.19.74.29:995

93.114.89.119:995

73.60.148.209:443

66.26.160.37:443

47.39.76.74:443

97.96.51.117:443

5.13.221.230:443

68.174.9.179:443

Targets

- Target
  
  c0157e0dccbf0ff1007c733d6fb6c5942dd3182b524e68a068fdff2f4e05eaa3
- Size
  
  2.1MB
- MD5
  
  2cfc51a33dd53cd00b7f82dd2b056e53
- SHA1
  
  b24f0bb2fe16f5c866f6a81cdd71ce0d9ede939f
- SHA256
  
  c0157e0dccbf0ff1007c733d6fb6c5942dd3182b524e68a068fdff2f4e05eaa3
- SHA512
  
  ecc92c5098c1900d571b1944a0f4eae7d017e456fa149fd441ddaf56ba5bcebb5e5ab9bb20746441713c6d9cfafd9cafa0b5f764fc80893eec27bcf57eb02a2e
Score

10^/10

qakbot spx91 1586277222 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Remote System Discovery

1

T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2