qakbot | ebc65a0de1181cf74562042be9a2c87fadc0e3982fb5c15d27a58570ed155746 | Triage

Sharing

General

Target

22e2bcca5afd5e52dd8c3f38733f0536
Size

2.0MB
Sample

240229-tre2msee96
MD5

22e2bcca5afd5e52dd8c3f38733f0536
SHA1

daa357db2376cd8bacf90ec54d463ae01285a0d7
SHA256

ebc65a0de1181cf74562042be9a2c87fadc0e3982fb5c15d27a58570ed155746
SHA512

a657978d60524ffae6635a946b534c2c9001035d54ca0d1ed53cd9e3c5abbcdd93b65dd9f1c947fb3de32ee9286f766b5cf971ac337dc3d4bca0a6508fd35d49
SSDEEP

3072:RrUbfrh/TP/lpDbIqUKQ0yzMrPye1TMhj4fujyaVzm28NaU:ybFLP/bXHUFzAae1bujL9d8Nd

Score

10^/10

qakbot abc109 1607499808 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Version

401.72

Botnet

abc109

Campaign

1607499808

C2

37.210.255.225:443

83.110.13.182:2222

74.75.237.11:443

5.193.106.230:2078

86.125.205.97:443

58.152.9.133:443

83.110.221.218:443

178.87.49.9:443

217.128.117.218:2222

78.63.226.32:443

85.204.189.105:443

217.133.54.140:32100

87.27.110.90:2222

90.23.117.67:2222

94.69.242.254:2222

72.182.209.97:2222

89.137.211.239:443

197.45.110.165:995

105.198.236.99:443

39.32.72.187:995

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  22e2bcca5afd5e52dd8c3f38733f0536
- Size
  
  2.0MB
- MD5
  
  22e2bcca5afd5e52dd8c3f38733f0536
- SHA1
  
  daa357db2376cd8bacf90ec54d463ae01285a0d7
- SHA256
  
  ebc65a0de1181cf74562042be9a2c87fadc0e3982fb5c15d27a58570ed155746
- SHA512
  
  a657978d60524ffae6635a946b534c2c9001035d54ca0d1ed53cd9e3c5abbcdd93b65dd9f1c947fb3de32ee9286f766b5cf971ac337dc3d4bca0a6508fd35d49
- SSDEEP
  
  3072:RrUbfrh/TP/lpDbIqUKQ0yzMrPye1TMhj4fujyaVzm28NaU:ybFLP/bXHUFzAae1bujL9d8Nd
Score

10^/10

qakbot abc109 1607499808 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

qakbotabc1091607499808bankerstealertrojan

behavioral2

qakbotabc1091607499808bankerstealertrojan