qakbot | c0f7ebcd16182e2d5d5e05c310f161eb61eb0c20569827a09e65c1f93a866de0 | Triage

Sharing

General

Target

qb.zip
Size

318KB
Sample

221027-msdrmsbha3
MD5

5feb039fbe607afa531c65fbc7618ad0
SHA1

2b71b494b31229873c8baf3bde5de6031f96d8ee
SHA256

c0f7ebcd16182e2d5d5e05c310f161eb61eb0c20569827a09e65c1f93a866de0
SHA512

fa4edf23251f693de82af0adec7819d0ad335f5fc2b44e5af70fd9f59303a5f5c3e0a035da67ebc9df3d4e203ec6f7ad47e68d8ad726f6713d31c8033cde847d
SSDEEP

6144:fvySkvOT5Hj1L1fZ4VsgD0ZQIV4bQ1vZjPZ8uDCsc2c7ro+:fv/uOp1L0VsgD4duEvJPZ88YjD

Score

10^/10

qakbot notset 1632819510 banker evasion stealer trojan

Malware Config

Extracted

Family

qakbot

Version

402.363

Botnet

notset

Campaign

1632819510

C2

196.217.156.63:995

120.150.218.241:995

95.77.223.148:443

185.250.148.74:443

181.118.183.94:443

105.198.236.99:443

140.82.49.12:443

37.210.152.224:995

89.101.97.139:443

81.241.252.59:2078

27.223.92.142:995

81.250.153.227:2222

73.151.236.31:443

47.22.148.6:443

122.11.220.212:2222

120.151.47.189:443

199.27.127.129:443

216.201.162.158:443

136.232.34.70:443

76.25.142.196:443

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  71e4f7864d915a86246aa892fa2d48579f441627156bd3cf65508dce6acf9d02
- Size
  
  502KB
- MD5
  
  c3a6d02b5417075185f4fe3053731095
- SHA1
  
  ed6f591b4a0c24c8314b1e62df799603ffc50e02
- SHA256
  
  71e4f7864d915a86246aa892fa2d48579f441627156bd3cf65508dce6acf9d02
- SHA512
  
  c1577c3d6de71181bef0dd324afeb5c4b36d874ee6fc32d55e4954892076123316f3e255ded5ff59a946ae20918ab756b7deb491b22152a6b9d79754a30e03f9
- SSDEEP
  
  12288:V2Nje8T1MgBj4W1A7IIQmVyEcij9IB/XrtJPrGYidZKCRw9WU:oNK8LBj4WmHQOAe9IB/btFyYiPw
Score

10^/10

qakbot notset 1632819510 banker evasion stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Windows security bypass
  evasion trojan
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

qakbotnotset1632819510bankerevasionstealertrojan

behavioral2

qakbotnotset1632819510bankerstealertrojan