qakbot | 30688a71ea4fefa95fd7be8a9fdceab187d74e4d14910462fa576e6386c28d64 | Triage

Sharing

General

Target

e2bc969424adc97345ac81194d316f58da38621aad3ca7ae27e40a8fae582987.zip
Size

128KB
Sample

220615-nry7maecfq
MD5

a5e1029066f5ab2256ea31c4cb0ea3cd
SHA1

0e26a82bb0f197bdb1c19253f853ae2b62c069b1
SHA256

30688a71ea4fefa95fd7be8a9fdceab187d74e4d14910462fa576e6386c28d64
SHA512

33dff0fd62d18977b4fa83b24461be002f8392e5aa19dd2de8e84591371ff63215ae384aee3827ebcd6e154e2065aadc080b189179b0492183f10cf819b2b114

Score

10^/10

qakbot tr 1633597626 banker evasion stealer trojan

Malware Config

Extracted

Family

qakbot

Version

402.363

Botnet

tr

Campaign

1633597626

C2

120.150.218.241:995

185.250.148.74:443

89.137.52.44:443

66.103.170.104:2222

86.8.177.143:443

216.201.162.158:443

174.54.193.186:443

103.148.120.144:443

188.50.169.158:443

124.123.42.115:2222

140.82.49.12:443

199.27.127.129:443

81.241.252.59:2078

209.142.97.161:995

209.50.20.255:443

73.230.205.91:443

200.232.214.222:995

103.142.10.177:443

2.222.167.138:443

41.228.22.180:443

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  e2bc969424adc97345ac81194d316f58da38621aad3ca7ae27e40a8fae582987.dll
- Size
  
  545KB
- MD5
  
  53510e20efb161d5b71c4ce2800c1a8d
- SHA1
  
  2268178851d0d0debb9ab457d73af8a5e50af168
- SHA256
  
  e2bc969424adc97345ac81194d316f58da38621aad3ca7ae27e40a8fae582987
- SHA512
  
  27f4f030928581d23212e18cfd0b33376677cef43ad5605e124cd80e2102cd1d559bf205ae1693e5e6567a6bd33d00d0e7209e32d503116d8b1594cb78ae69a3
Score

10^/10

qakbot tr 1633597626 banker stealer trojan evasion
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Windows security bypass
  evasion trojan
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

qakbottr1633597626bankerstealertrojan

behavioral2

qakbottr1633597626bankerevasionstealertrojan