qakbot | 3fa192c8691d10584b01d2f8c28f5b6cd563083494f5c37fad0c31262a240b5f

General

Target

3fa192c8691d10584b01d2f8c28f5b6cd563083494f5c37fad0c31262a240b5f
Size

2.0MB
Sample

220205-t27veadegp
MD5

4716a93ad9be2929ffff6e7bfac6e6d5
SHA1

164a42a0c34a9948efec3f08aa60d83e340246db
SHA256

3fa192c8691d10584b01d2f8c28f5b6cd563083494f5c37fad0c31262a240b5f
SHA512

7ff0630ceee6427a8ff4a986b0f67aad720c1450fdbb27c59c0112c7e069ffd7ba14143929ee96df34e2e754bfc949c1b75ebf0175984c02294e193f2a06a9e5

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

324.127

Botnet

spx107

Campaign

1588082813

C2

97.81.255.189:443

67.8.103.21:443

47.232.26.181:443

50.104.67.101:443

173.172.205.216:443

108.188.46.240:995

96.35.170.82:2222

70.95.94.91:2222

72.204.242.138:6881

72.231.224.122:2222

73.137.187.150:443

73.123.16.215:443

71.213.29.14:995

209.182.121.133:2222

82.210.157.185:443

69.47.26.41:443

86.122.7.89:443

71.187.170.235:443

79.113.46.93:443

74.134.4.236:443

Targets

- Target
  
  3fa192c8691d10584b01d2f8c28f5b6cd563083494f5c37fad0c31262a240b5f
- Size
  
  2.0MB
- MD5
  
  4716a93ad9be2929ffff6e7bfac6e6d5
- SHA1
  
  164a42a0c34a9948efec3f08aa60d83e340246db
- SHA256
  
  3fa192c8691d10584b01d2f8c28f5b6cd563083494f5c37fad0c31262a240b5f
- SHA512
  
  7ff0630ceee6427a8ff4a986b0f67aad720c1450fdbb27c59c0112c7e069ffd7ba14143929ee96df34e2e754bfc949c1b75ebf0175984c02294e193f2a06a9e5
Score

10^/10

qakbot spx107 1588082813 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

1

T1018

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2