qakbot | 484aa7139e61f466aadc3bfbfafb19c9b0b46753431eec1dd00c7cec27231f69 | Triage

Sharing

General

Target

484aa7139e61f466aadc3bfbfafb19c9b0b46753431eec1dd00c7cec27231f69
Size

408KB
Sample

220714-d7d7aabgdn
MD5

b4e811abbbf0d4bd450c770060711e03
SHA1

6992cf181ce54ef41b02d5c376f3e947dd763699
SHA256

484aa7139e61f466aadc3bfbfafb19c9b0b46753431eec1dd00c7cec27231f69
SHA512

c3ff11834cb6a45a687a616905c133ed2f6ed2db7fe1d8619c7cafa356ae20b1714ac5cf758a30ee1b731902db3fff7057f0d55058fc54017b72bc0557cba592

Score

10^/10

qakbot gml01 1647501143 banker evasion stealer trojan

Malware Config

Extracted

Family

qakbot

Version

403.549

Botnet

gml01

Campaign

1647501143

C2

76.69.155.202:2222

75.99.168.194:443

129.208.30.2:995

93.48.80.198:995

108.60.213.141:443

176.67.56.94:443

148.64.96.100:443

47.180.172.159:443

47.51.47.182:995

2.42.176.91:443

140.82.49.12:443

197.167.5.180:993

131.154.102.171:32100

86.195.158.178:2222

114.79.148.170:443

201.176.1.223:995

217.165.79.31:443

24.43.99.75:443

5.32.41.45:443

180.129.97.57:995

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  484aa7139e61f466aadc3bfbfafb19c9b0b46753431eec1dd00c7cec27231f69
- Size
  
  408KB
- MD5
  
  b4e811abbbf0d4bd450c770060711e03
- SHA1
  
  6992cf181ce54ef41b02d5c376f3e947dd763699
- SHA256
  
  484aa7139e61f466aadc3bfbfafb19c9b0b46753431eec1dd00c7cec27231f69
- SHA512
  
  c3ff11834cb6a45a687a616905c133ed2f6ed2db7fe1d8619c7cafa356ae20b1714ac5cf758a30ee1b731902db3fff7057f0d55058fc54017b72bc0557cba592
Score

10^/10

qakbot gml01 1647501143 banker stealer trojan evasion
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Windows security bypass
  evasion trojan
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

gml011647501143qakbot

behavioral1

qakbotgml011647501143bankerstealertrojan

behavioral2

qakbotgml011647501143bankerevasionstealertrojan