qakbot | 82dae5e93006e8bbbef21b855953a5445999ec08a89852f40bdc848c9c072186

General

Target

82dae5e93006e8bbbef21b855953a5445999ec08a89852f40bdc848c9c072186
Size

600KB
Sample

220413-kz1tmsafgq
MD5

81b7339827284990d3477681f653349e
SHA1

2a3adbe9f8a1f76796b1cc3056190ee94be6963f
SHA256

82dae5e93006e8bbbef21b855953a5445999ec08a89852f40bdc848c9c072186
SHA512

5a1043bdd276b9445ed894b34c2241d00abee14c48f7eb2a42ed54a5447c5df7af51f20c15af376fc570b13e94944b1dd8a5d80ee8e5e0e8a9badffbd23c190e

Score

10^/10

qakbot aa 1649749884 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Version

403.573

Botnet

AA

Campaign

1649749884

C2

120.150.218.241:995

186.64.67.38:443

196.203.37.215:80

1.161.71.109:443

82.152.39.39:443

76.69.155.202:2222

72.66.116.235:995

103.107.113.120:443

113.11.89.165:995

208.107.221.224:443

103.88.226.30:443

75.99.168.194:443

75.113.214.234:2222

76.169.147.192:32103

190.73.3.148:2222

39.52.2.90:995

38.70.253.226:2222

5.95.58.211:2087

74.15.2.252:2222

76.70.9.169:2222

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  82dae5e93006e8bbbef21b855953a5445999ec08a89852f40bdc848c9c072186
- Size
  
  600KB
- MD5
  
  81b7339827284990d3477681f653349e
- SHA1
  
  2a3adbe9f8a1f76796b1cc3056190ee94be6963f
- SHA256
  
  82dae5e93006e8bbbef21b855953a5445999ec08a89852f40bdc848c9c072186
- SHA512
  
  5a1043bdd276b9445ed894b34c2241d00abee14c48f7eb2a42ed54a5447c5df7af51f20c15af376fc570b13e94944b1dd8a5d80ee8e5e0e8a9badffbd23c190e
Score

10^/10

qakbot aa 1649749884 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Blocklisted process makes network request
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

Peripheral Device Discovery

2

T1120

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Blocklisted process makes network request

Loads dropped DLL

Enumerates connected drives

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2