qakbot | 9c4570999383e7290f28f5e716cbe5ce0dd44441ab99b2e3e51d19627f5d627e | Triage

Sharing

General

Target

2e00000.dll
Size

543KB
Sample

220407-zkwzgacbe8
MD5

ad3764fdeef80fdb97b91131fdd5e96d
SHA1

55edf2823eedff74883e8e917c43437e577848f4
SHA256

9c4570999383e7290f28f5e716cbe5ce0dd44441ab99b2e3e51d19627f5d627e
SHA512

ce04a194f5fc98e24332213c31f5c2d32445a98a866211851ac9195310397a4b2f2943e48dfecb765d655f0fa263fb5786db26eba664935f22c9439827e9bc56

Score

10^/10

qakbot tzr01 1649312144 banker evasion stealer trojan

Malware Config

Extracted

Family

qakbot

Version

403.573

Botnet

tzr01

Campaign

1649312144

C2

140.82.49.12:443

182.191.92.203:995

176.67.56.94:443

148.64.96.100:443

47.180.172.159:443

47.23.89.62:995

181.118.183.98:443

1.161.121.58:995

96.21.251.127:2222

119.158.126.69:995

41.228.22.180:443

176.88.238.122:995

66.98.42.102:443

83.110.85.209:443

208.107.221.224:443

172.115.177.204:2222

73.67.152.98:2222

176.205.119.81:2078

46.107.48.202:443

81.215.196.174:443

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  2e00000.dll
- Size
  
  543KB
- MD5
  
  ad3764fdeef80fdb97b91131fdd5e96d
- SHA1
  
  55edf2823eedff74883e8e917c43437e577848f4
- SHA256
  
  9c4570999383e7290f28f5e716cbe5ce0dd44441ab99b2e3e51d19627f5d627e
- SHA512
  
  ce04a194f5fc98e24332213c31f5c2d32445a98a866211851ac9195310397a4b2f2943e48dfecb765d655f0fa263fb5786db26eba664935f22c9439827e9bc56
Score

10^/10

qakbot tzr01 1649312144 banker evasion stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Windows security bypass
  evasion trojan
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

tzr011649312144qakbot

behavioral1

qakbottzr011649312144bankerevasionstealertrojan

behavioral2

qakbottzr011649312144bankerevasionstealertrojan