qakbot | 2c1a14b73b086a014b310d2abe314130f293b3319f5bd7dfb53da39db35770db

General

Target

2c1a14b73b086a014b310d2abe314130f293b3319f5bd7dfb53da39db35770db
Size

2.1MB
Sample

220205-vzksjadhgp
MD5

cb803188a570da7a41669b4fa22c80df
SHA1

829720fa8a8082fdc60032978ebbb560481b1529
SHA256

2c1a14b73b086a014b310d2abe314130f293b3319f5bd7dfb53da39db35770db
SHA512

203445ae06434785abbacad34052c2720d9d8edb3ee12eb533b39d773981c4d2bde1b20f1b5d00936a9cd57da0e197bac4b7be2be60b9cc596329fe35eaab6c1

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

324.75

Botnet

spx91

Campaign

1586289193

C2

173.173.1.164:443

70.62.160.186:6883

68.41.60.225:443

100.40.48.96:443

73.192.209.168:443

93.114.89.119:995

64.19.74.29:995

73.60.148.209:443

66.26.160.37:443

97.96.51.117:443

5.13.221.230:443

68.174.9.179:443

73.137.187.150:443

24.37.178.158:443

47.136.224.60:443

68.39.177.147:995

176.223.46.147:443

72.29.181.77:2078

68.174.15.223:443

50.29.181.193:995

Targets

- Target
  
  2c1a14b73b086a014b310d2abe314130f293b3319f5bd7dfb53da39db35770db
- Size
  
  2.1MB
- MD5
  
  cb803188a570da7a41669b4fa22c80df
- SHA1
  
  829720fa8a8082fdc60032978ebbb560481b1529
- SHA256
  
  2c1a14b73b086a014b310d2abe314130f293b3319f5bd7dfb53da39db35770db
- SHA512
  
  203445ae06434785abbacad34052c2720d9d8edb3ee12eb533b39d773981c4d2bde1b20f1b5d00936a9cd57da0e197bac4b7be2be60b9cc596329fe35eaab6c1
Score

10^/10

qakbot spx91 1586289193 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Remote System Discovery

1

T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2