qakbot | 179a29d7ebe423ab6831ef9893fa132552027a42575b46346cb3054673c6a5f5

General

Target

179a29d7ebe423ab6831ef9893fa132552027a42575b46346cb3054673c6a5f5
Size

1.9MB
Sample

220205-xgyyjseegq
MD5

d242c27df58e9a3ea35aca2f80aaedc7
SHA1

e8281bdbc4dba1284fed732e3ecaa1e37e4ea2a4
SHA256

179a29d7ebe423ab6831ef9893fa132552027a42575b46346cb3054673c6a5f5
SHA512

f9ef3a48669f34c19b73416b30af6aeaaae4b9cbbfb45194984ba09f592a922ed7a2459878c8fb40c4a5d51e6dd2c026793d9301f45e8b891e5ba33417d16c62

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

324.136

Botnet

spx109

Campaign

1588257690

C2

68.204.164.222:443

47.185.134.79:443

31.5.21.66:443

24.27.82.216:2222

178.193.33.121:2222

96.250.113.218:443

148.75.231.53:443

50.89.14.94:443

50.108.212.180:443

184.57.17.74:443

58.108.188.231:443

47.41.3.40:443

47.39.177.171:2222

47.136.224.60:443

72.29.181.77:2078

94.53.92.42:443

108.227.161.27:995

203.33.139.134:443

72.204.242.138:443

47.180.66.10:443

Targets

- Target
  
  179a29d7ebe423ab6831ef9893fa132552027a42575b46346cb3054673c6a5f5
- Size
  
  1.9MB
- MD5
  
  d242c27df58e9a3ea35aca2f80aaedc7
- SHA1
  
  e8281bdbc4dba1284fed732e3ecaa1e37e4ea2a4
- SHA256
  
  179a29d7ebe423ab6831ef9893fa132552027a42575b46346cb3054673c6a5f5
- SHA512
  
  f9ef3a48669f34c19b73416b30af6aeaaae4b9cbbfb45194984ba09f592a922ed7a2459878c8fb40c4a5d51e6dd2c026793d9301f45e8b891e5ba33417d16c62
Score

10^/10

qakbot spx109 1588257690 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Remote System Discovery

1

T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2