qakbot | 605e372d44e79191af892b85eb3468bedf13916b64198084f58016640f5863da | Triage

Sharing

General

Target

QBot_f1263a039c93f88f4e308f6e17d7863ceb9b48a939357726c152937503dc5b69.zip
Size

639KB
Sample

220628-r95znsbhe9
MD5

4f6030395ba24a97788cb2bf06e408e1
SHA1

3f4caf4c4e198d550471220965ef46f39d2501fb
SHA256

605e372d44e79191af892b85eb3468bedf13916b64198084f58016640f5863da
SHA512

0fb9fc41953f6e4f3205483232e150c818bbab764d9e55b545d5c19d991b5c86c3fa9a71721018d8ce90e28d3b87beb0484cfa58c19c845cdac4f8611f099691

Score

10^/10

qakbot tr 1633334141 banker evasion stealer trojan

Malware Config

Extracted

Family

qakbot

Version

402.363

Botnet

tr

Campaign

1633334141

C2

75.75.179.226:443

185.250.148.74:443

122.11.220.212:2222

120.150.218.241:995

103.148.120.144:443

140.82.49.12:443

40.131.140.155:995

206.47.134.234:2222

73.230.205.91:443

190.198.206.189:2222

103.157.122.198:995

81.250.153.227:2222

167.248.100.227:443

96.57.188.174:2078

217.17.56.163:2222

217.17.56.163:2078

41.228.22.180:443

136.232.34.70:443

68.186.192.69:443

167.248.111.245:443

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  QBot_f1263a039c93f88f4e308f6e17d7863ceb9b48a939357726c152937503dc5b69.bin
- Size
  
  1.0MB
- MD5
  
  02f53c52811ab112fc110e817a772c1c
- SHA1
  
  f4c9cc40472799c03f80069b97ac0485f76e72c1
- SHA256
  
  f1263a039c93f88f4e308f6e17d7863ceb9b48a939357726c152937503dc5b69
- SHA512
  
  f195e0ea64b0c09148e0009a4bd60ba53dc777e00fce9790afc8b5236e036a19092265314ac6aaec858312c6744a8397fcfc8bbc50e173e76229528af6aa540f
Score

10^/10

qakbot tr 1633334141 banker stealer trojan evasion
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Windows security bypass
  evasion trojan
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

qakbottr1633334141bankerstealertrojan

behavioral2

qakbottr1633334141bankerevasionstealertrojan