qakbot | 5b1928e0f4afd659d9a1aa169ba9e794e57251725a8674af205392d3a2f255b5 | Triage

Sharing

General

Target

455253_c2ba065654f13612ae63bca7f972ea91c6fe97291caeaaa3a28a180fb1912b3a.zip
Size

237KB
Sample

231219-xsb8xscab5
MD5

2739602af9de4e37007f49887c17dc8b
SHA1

9c51c995d91ae838349a35746ed173e7fdfa4df8
SHA256

5b1928e0f4afd659d9a1aa169ba9e794e57251725a8674af205392d3a2f255b5
SHA512

62eff2f78c0e999b296c18f99977c9c6e7d68bb9ee7a92db9069a2bc6f4e76536711d68123db6676061a3b351e75f29c841c145b016b44ca56021ca1d51817a5
SSDEEP

6144:fr/nfFCyA5pomBssfsvBERD4fe9iwVmtuVU0UJ7I4h7swR2:RDA0mBsgxtyyNmtuVU0Q7rh7swI

Score

10^/10

qakbot aa 1649660679 banker evasion stealer trojan

Malware Config

Extracted

Family

qakbot

Version

403.573

Botnet

AA

Campaign

1649660679

C2

41.228.22.180:443

47.23.89.62:995

176.67.56.94:443

103.107.113.120:443

148.64.96.100:443

47.180.172.159:443

181.118.183.98:443

140.82.49.12:443

103.87.95.133:2222

96.21.251.127:2222

197.167.62.14:993

46.107.48.202:443

24.43.99.75:443

172.115.177.204:2222

80.11.74.81:2222

66.98.42.102:443

75.99.168.194:61201

173.174.216.62:443

45.9.20.200:443

39.41.158.185:995

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  c2ba065654f13612ae63bca7f972ea91c6fe97291caeaaa3a28a180fb1912b3a
- Size
  
  543KB
- MD5
  
  ffaf9cd085434fd5230511ab895ba494
- SHA1
  
  9e49d29d66d380255e5e8e2ccf19f5b51eb92001
- SHA256
  
  c2ba065654f13612ae63bca7f972ea91c6fe97291caeaaa3a28a180fb1912b3a
- SHA512
  
  01890758e839b3eb90dc3711dd470ba1e232798ed0f62d89185e450877161fd321b5b125ab0a64f270c2f37ef129f59eb5848164d26fb4965534d77a0d4f2300
- SSDEEP
  
  12288:DSG3daX8glK/McVThyhRBof4byx7ILypuLT+CLWNhM3Q2Bz:DSc3l/ML3bypxOT+CLsu
Score

10^/10

qakbot aa 1649660679 banker evasion stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Windows security bypass
  evasion trojan
- Loads dropped DLL
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

aa1649660679qakbot

behavioral1

qakbotaa1649660679bankerevasionstealertrojan