qakbot | a948bbd5564f1c1ccdfa8a58d7f8078803fe35cfb968e371612de68200bab8f3 | Triage

Sharing

General

Target

9eb51938c94cd00d72a94228aa74bf01af94c5e34134f9d4ccceabe1adaf941c
Size

376KB
Sample

220323-xl97daabf3
MD5

74c1f5ff241d3f37fb7d4fa506e6e6e7
SHA1

04ba632fa45da01416d3417e14806fb9c1ed60dc
SHA256

a948bbd5564f1c1ccdfa8a58d7f8078803fe35cfb968e371612de68200bab8f3
SHA512

5b05528d0e3caddbdc32c675937819a528ce57ebfc0aba58c4e9b5c1e5945a7c4f7fc4a161a941a5d9c19c392a63bd2fc675daf08fd141189dddb553fd6f6e3f

Score

10^/10

qakbot tr 1643025272 banker evasion stealer trojan

Malware Config

Extracted

Family

qakbot

Version

403.10

Botnet

tr

Campaign

1643025272

C2

103.143.8.71:6881

37.210.172.200:2222

136.143.11.232:443

190.73.3.148:2222

78.101.147.76:61202

82.152.39.39:443

65.100.174.110:995

65.100.174.110:443

111.125.245.116:995

117.248.109.38:21

31.215.99.178:443

103.142.10.177:443

39.49.110.129:995

86.97.246.244:1194

68.204.7.158:443

217.128.93.27:2222

144.86.28.125:443

94.59.253.222:2222

120.150.218.241:995

185.249.85.209:443

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  9eb51938c94cd00d72a94228aa74bf01af94c5e34134f9d4ccceabe1adaf941c
- Size
  
  540KB
- MD5
  
  071ad10215860115bf7b8029be5034e1
- SHA1
  
  6e66446f00dcef3ace3aa3ebaa4ce3a591a22a9a
- SHA256
  
  9eb51938c94cd00d72a94228aa74bf01af94c5e34134f9d4ccceabe1adaf941c
- SHA512
  
  030d52f949dc788b06420cf228e3e4c8f4709a7debc739b599b55ff6b921ec2e4f97d67e072388504a103f5509f080c0cba959d358f5d113a7df5282eb8ea4bb
Score

10^/10

qakbot tr 1643025272 banker evasion stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Windows security bypass
  evasion trojan
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

qakbottr1643025272bankerevasionstealertrojan

behavioral2

qakbottr1643025272bankerstealertrojan