qakbot | ebc65a0de1181cf74562042be9a2c87fadc0e3982fb5c15d27a58570ed155746 | Triage

Sharing

General

Target

22e2bcca5afd5e52dd8c3f38733f0536
Size

2.0MB
Sample

240229-tre2msee96
MD5

22e2bcca5afd5e52dd8c3f38733f0536
SHA1

daa357db2376cd8bacf90ec54d463ae01285a0d7
SHA256

ebc65a0de1181cf74562042be9a2c87fadc0e3982fb5c15d27a58570ed155746
SHA512

a657978d60524ffae6635a946b534c2c9001035d54ca0d1ed53cd9e3c5abbcdd93b65dd9f1c947fb3de32ee9286f766b5cf971ac337dc3d4bca0a6508fd35d49
SSDEEP

3072:RrUbfrh/TP/lpDbIqUKQ0yzMrPye1TMhj4fujyaVzm28NaU:ybFLP/bXHUFzAae1bujL9d8Nd

Score

10^/10

qakbot abc109 1607499808 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Version

401.72

Botnet

abc109

Campaign

1607499808

C2

37.210.255.225:443

83.110.13.182:2222

74.75.237.11:443

5.193.106.230:2078

86.125.205.97:443

58.152.9.133:443

83.110.221.218:443

178.87.49.9:443

217.128.117.218:2222

78.63.226.32:443

85.204.189.105:443

217.133.54.140:32100

87.27.110.90:2222

90.23.117.67:2222

94.69.242.254:2222

72.182.209.97:2222

89.137.211.239:443

197.45.110.165:995

105.198.236.99:443

39.32.72.187:995

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  22e2bcca5afd5e52dd8c3f38733f0536
- Size
  
  2.0MB
- MD5
  
  22e2bcca5afd5e52dd8c3f38733f0536
- SHA1
  
  daa357db2376cd8bacf90ec54d463ae01285a0d7
- SHA256
  
  ebc65a0de1181cf74562042be9a2c87fadc0e3982fb5c15d27a58570ed155746
- SHA512
  
  a657978d60524ffae6635a946b534c2c9001035d54ca0d1ed53cd9e3c5abbcdd93b65dd9f1c947fb3de32ee9286f766b5cf971ac337dc3d4bca0a6508fd35d49
- SSDEEP
  
  3072:RrUbfrh/TP/lpDbIqUKQ0yzMrPye1TMhj4fujyaVzm28NaU:ybFLP/bXHUFzAae1bujL9d8Nd
Score

10^/10

qakbot abc109 1607499808 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

qakbotabc1091607499808bankerstealertrojan

behavioral2

qakbotabc1091607499808bankerstealertrojan