qakbot | 870475779d35088d746aafdab1d205e7dceddf9d236d97e049ecee760dd87508

General

Target

870475779d35088d746aafdab1d205e7dceddf9d236d97e049ecee760dd87508.dll
Size

1.7MB
Sample

220825-s8stdsgab8
MD5

1c3839d314110e032334339ac20ee785
SHA1

a5dd1679c30f444e8d8369cbf5c94840cdac987f
SHA256

870475779d35088d746aafdab1d205e7dceddf9d236d97e049ecee760dd87508
SHA512

3b5112eef7baad4ced7557fbd0bb96d6385d0b6767596b1450dae72773d113d5bffd42f6a881f20eda65c6c1a4a898f48dcf4d2600445d1b2150f147e27d48eb
SSDEEP

24576:nKtpZm23yqec9S5hZqT5/ZMoK3EHBCTFvfrr+E+OLzO9AO4k17vvoA+rXBxQHKbC:nC3LoqNG0HBi1X+5OmmPA7Hj+hb

Score

10^/10

qakbot aa 1649273304 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Version

403.573

Botnet

AA

Campaign

1649273304

C2

83.110.75.97:2222

47.23.89.62:993

187.207.48.194:61202

45.63.1.12:995

140.82.63.183:995

45.76.167.26:995

140.82.63.183:443

144.202.2.175:995

144.202.3.39:443

149.28.238.199:443

144.202.3.39:995

45.63.1.12:443

149.28.238.199:995

45.76.167.26:443

144.202.2.175:443

100.1.108.246:443

32.221.224.140:995

24.55.67.176:443

31.35.28.29:443

70.51.134.168:2222

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  870475779d35088d746aafdab1d205e7dceddf9d236d97e049ecee760dd87508.dll
- Size
  
  1.7MB
- MD5
  
  1c3839d314110e032334339ac20ee785
- SHA1
  
  a5dd1679c30f444e8d8369cbf5c94840cdac987f
- SHA256
  
  870475779d35088d746aafdab1d205e7dceddf9d236d97e049ecee760dd87508
- SHA512
  
  3b5112eef7baad4ced7557fbd0bb96d6385d0b6767596b1450dae72773d113d5bffd42f6a881f20eda65c6c1a4a898f48dcf4d2600445d1b2150f147e27d48eb
- SSDEEP
  
  24576:nKtpZm23yqec9S5hZqT5/ZMoK3EHBCTFvfrr+E+OLzO9AO4k17vvoA+rXBxQHKbC:nC3LoqNG0HBi1X+5OmmPA7Hj+hb
Score

10^/10

qakbot aa 1649273304 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1

T1053

Persistence

Scheduled Task

1

T1053

Privilege Escalation

Scheduled Task

1

T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2