qakbot | 75c387ac5a98de02da25fc1c8bd9fd2008cf11bb159e01bf6f02b007600811aa | Triage

Sharing

General

Target

75c387ac5a98de02da25fc1c8bd9fd2008cf11bb159e01bf6f02b007600811aa
Size

1.0MB
Sample

220502-r4tpfsfcb3
MD5

6eaa498e805a0572c4d1c86361701ede
SHA1

80a219de9fb7d4e864c56bd478d4c5db983387e2
SHA256

75c387ac5a98de02da25fc1c8bd9fd2008cf11bb159e01bf6f02b007600811aa
SHA512

5a45d12197484c7889f80eb29bc6a34ef3ca76c518e4f33baeda87b69231e7e2d0ddd97c3d3effdcb4932695c958c56cd19033570c2d9615774ff6bb8303f83b

Score

10^/10

qakbot abc020 1602752985 banker persistence stealer trojan

Malware Config

Extracted

Family

qakbot

Version

325.43

Botnet

abc020

Campaign

1602752985

C2

2.89.121.99:995

89.42.142.35:443

81.133.234.36:2222

71.163.222.203:443

75.136.40.155:443

93.149.253.201:2222

71.187.170.235:443

185.19.190.81:443

196.221.61.242:443

72.28.255.159:995

45.32.162.253:443

45.32.155.12:443

45.32.155.12:2222

199.247.16.80:443

134.0.196.46:995

24.27.82.216:2222

117.218.208.239:443

68.225.60.77:443

217.162.149.212:443

71.19.217.23:443

Targets

- Target
  
  75c387ac5a98de02da25fc1c8bd9fd2008cf11bb159e01bf6f02b007600811aa
- Size
  
  1.0MB
- MD5
  
  6eaa498e805a0572c4d1c86361701ede
- SHA1
  
  80a219de9fb7d4e864c56bd478d4c5db983387e2
- SHA256
  
  75c387ac5a98de02da25fc1c8bd9fd2008cf11bb159e01bf6f02b007600811aa
- SHA512
  
  5a45d12197484c7889f80eb29bc6a34ef3ca76c518e4f33baeda87b69231e7e2d0ddd97c3d3effdcb4932695c958c56cd19033570c2d9615774ff6bb8303f83b
Score

10^/10

qakbot abc020 1602752985 banker stealer trojan persistence
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

qakbotabc0201602752985bankerstealertrojan

behavioral2

qakbotabc0201602752985bankerpersistencestealertrojan