qakbot | 10168efc204d9f1a616a736352b493285e70114183466288120cf6cf5f76b8d3 | Triage

Sharing

General

Target

QBot_1d11cc9760625ec23a3c261787c4501d1c47faff3fed090d19d745b73619b951.zip
Size

375KB
Sample

220628-r911qabhd3
MD5

bf8ea3b1a4e5db28a611ee31c8cba779
SHA1

16d2f6672c1968c65fdddb9d2b37c517151acb4e
SHA256

10168efc204d9f1a616a736352b493285e70114183466288120cf6cf5f76b8d3
SHA512

f2e9fafafa07ad82ed59f9dbec88e8da52f1149d876c5cffe968c263c4fbfe5bc05a4625aea1013d6a28b2673482dc431bf4c9036ea125537a635a4fbe225d3b

Score

10^/10

qakbot tr 1643025272 banker evasion stealer trojan

Malware Config

Extracted

Family

qakbot

Version

403.10

Botnet

tr

Campaign

1643025272

C2

103.143.8.71:6881

37.210.172.200:2222

136.143.11.232:443

190.73.3.148:2222

78.101.147.76:61202

82.152.39.39:443

65.100.174.110:995

65.100.174.110:443

111.125.245.116:995

117.248.109.38:21

31.215.99.178:443

103.142.10.177:443

39.49.110.129:995

86.97.246.244:1194

68.204.7.158:443

217.128.93.27:2222

144.86.28.125:443

94.59.253.222:2222

120.150.218.241:995

185.249.85.209:443

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  QBot_1d11cc9760625ec23a3c261787c4501d1c47faff3fed090d19d745b73619b951.bin
- Size
  
  533KB
- MD5
  
  02a0f1c64c6ada110ec2bec993768d1c
- SHA1
  
  2f01ffee887f7b082dd8901b7e2f6573429fc28f
- SHA256
  
  1d11cc9760625ec23a3c261787c4501d1c47faff3fed090d19d745b73619b951
- SHA512
  
  a0ca9b4f77159551be485e2d8f77259ff77b7563ed8a6c4181d758cdbafc8e3b635d8d265e7207d41d2a4b80dfae874b5e2085f659a89a7abb5aae3f4b58b091
Score

10^/10

qakbot tr 1643025272 banker evasion stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Windows security bypass
  evasion trojan
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

qakbottr1643025272bankerevasionstealertrojan

behavioral2

qakbottr1643025272bankerevasionstealertrojan