qakbot | 29148f550d02cf98d89efb53f7137da28e91df43790f4fc052a0f405f99edcc1

Resubmissions

23-03-2022 09:31

220323-lg9jhabga2 10

23-03-2022 09:00

220323-kyaaasbbb6 10

23-03-2022 08:49

220323-kq8g5aahe9 10

Sharing

Copy URL

Twitter E-mail

General

Target

29148f550d02cf98d89efb53f7137da28e91df43790f4fc052a0f405f99edcc1
Size

260KB
Sample

220323-kyaaasbbb6
MD5

01b9cb4752f2a33d563fd09089d76571
SHA1

8aa2a65b78c1da2bac332069f53b6283c46f9fc6
SHA256

29148f550d02cf98d89efb53f7137da28e91df43790f4fc052a0f405f99edcc1
SHA512

2764312e1608927ead6467c885ab5155d6fac3ec69ab856991a50f8af0f61085901c43fd4ce2d7f071623bb9e0bd6d478103d9ad87ae6219334fb1102ee297aa

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

401.51

Botnet

abc105

Campaign

1606839097

90.101.117.122:2222

78.97.207.104:443

189.222.242.165:995

95.76.27.6:443

2.50.56.81:443

96.225.88.23:443

47.21.192.182:2222

189.222.242.165:443

197.86.204.38:443

84.117.176.32:443

93.146.133.102:2222

71.38.13.243:443

96.21.251.127:2222

184.98.97.227:995

58.179.21.147:995

187.213.136.249:995

65.30.213.13:6882

80.195.103.146:2222

106.51.85.162:443

187.227.87.235:995

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  29148f550d02cf98d89efb53f7137da28e91df43790f4fc052a0f405f99edcc1
- Size
  
  260KB
- MD5
  
  01b9cb4752f2a33d563fd09089d76571
- SHA1
  
  8aa2a65b78c1da2bac332069f53b6283c46f9fc6
- SHA256
  
  29148f550d02cf98d89efb53f7137da28e91df43790f4fc052a0f405f99edcc1
- SHA512
  
  2764312e1608927ead6467c885ab5155d6fac3ec69ab856991a50f8af0f61085901c43fd4ce2d7f071623bb9e0bd6d478103d9ad87ae6219334fb1102ee297aa
Score

10^/10

qakbot abc105 1606839097 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Detects QakBot. loaded modules and functions.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

T1053

Persistence

Scheduled Task

T1053

Privilege Escalation

Scheduled Task

T1053

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Detects QakBot. loaded modules and functions.

Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2