qakbot | aa1fd9936567ccfbd41480838cf5eb4f5d74567993aa0aea1df06f03390cd326 | Triage

Sharing

General

Target

444444.png
Size

720KB
Sample

231011-n9gejafh76
MD5

1692df185b5b6c07a50b271118114c83
SHA1

f7456d027f7742aecb39ef0125cb13096f908a7e
SHA256

aa1fd9936567ccfbd41480838cf5eb4f5d74567993aa0aea1df06f03390cd326
SHA512

d083d8a2fed8a8864cb4bb5b90077c04512b1d7bcba39e18f4ced9574d36f3b0561d61a1d367a464500db2d219325611c35e31f215b829edc934892918927b1b
SSDEEP

12288:avKd+uePR25zgtEAjSfUO8l6ilUPpzfDpwlwwFpomqptfUpOlC+v1:IKd+z28EA4UOHqgTDpwlpPzutf5CA

Score

10^/10

qakbot spx49 1577446119 banker persistence stealer trojan

Malware Config

Extracted

Family

qakbot

Version

323.108

Botnet

spx49

Campaign

1577446119

C2

173.80.61.90:443

72.28.255.159:443

5.182.39.156:443

138.122.5.214:2222

47.23.101.26:465

72.190.101.70:443

208.126.142.17:443

72.224.159.224:2222

75.110.90.106:443

66.214.75.176:443

45.45.105.94:995

117.223.146.238:995

71.226.140.73:443

71.30.56.170:443

50.247.230.33:995

173.3.132.17:995

24.229.245.124:995

45.45.105.94:443

173.79.220.156:443

104.35.127.108:2222

Targets

- Target
  
  444444.png
- Size
  
  720KB
- MD5
  
  1692df185b5b6c07a50b271118114c83
- SHA1
  
  f7456d027f7742aecb39ef0125cb13096f908a7e
- SHA256
  
  aa1fd9936567ccfbd41480838cf5eb4f5d74567993aa0aea1df06f03390cd326
- SHA512
  
  d083d8a2fed8a8864cb4bb5b90077c04512b1d7bcba39e18f4ced9574d36f3b0561d61a1d367a464500db2d219325611c35e31f215b829edc934892918927b1b
- SSDEEP
  
  12288:avKd+uePR25zgtEAjSfUO8l6ilUPpzfDpwlwwFpomqptfUpOlC+v1:IKd+z28EA4UOHqgTDpwlpPzutf5CA
Score

10^/10

qakbot spx49 1577446119 banker persistence stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

qakbotspx491577446119bankerpersistencestealertrojan

behavioral2

qakbotspx491577446119bankerstealertrojan