qakbot | b991ef2d58b3246bf5f313e2be71ea961fae1376ec88435173f7fb15a48b6fe2 | Triage

Resubmissions

16-05-2024 06:08

240516-gv9n7sff28 10

Sharing

General

Target

a40000.dll
Size

408KB
Sample

240516-gv9n7sff28
MD5

45234504c9fc489cb71be23f1ffeed73
SHA1

e51e28ac648917523c51d9b5a4a1641a3b1202c6
SHA256

b991ef2d58b3246bf5f313e2be71ea961fae1376ec88435173f7fb15a48b6fe2
SHA512

868458dee62fdb69bb5e396251a26091b71490ee7ca04b3d0342a18455f7a7e29d9981b024ce48fedbe85494374a40ed601e53bef9a615e4c8f3304c56655297
SSDEEP

12288:SWutt3oBwRkzp8e2gTQTLZMJpkrLThkr6S:SjtfuzQkCThkr6

Score

10^/10

qakbot tr 1645451836 banker evasion stealer trojan

Malware Config

Extracted

Family

qakbot

Version

403.532

Botnet

tr

Campaign

1645451836

C2

190.206.211.182:443

31.35.28.29:443

105.186.167.230:995

72.252.201.34:990

40.134.247.125:995

186.64.87.194:443

2.50.41.69:61200

217.164.119.29:2222

161.142.53.137:443

74.15.2.252:2222

149.135.101.20:443

92.177.45.46:2078

190.73.3.148:2222

81.213.206.182:443

180.233.150.134:995

217.164.115.166:2222

144.202.2.175:443

105.184.116.32:995

47.180.172.159:50010

96.21.251.127:2222

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  a40000.dll
- Size
  
  408KB
- MD5
  
  45234504c9fc489cb71be23f1ffeed73
- SHA1
  
  e51e28ac648917523c51d9b5a4a1641a3b1202c6
- SHA256
  
  b991ef2d58b3246bf5f313e2be71ea961fae1376ec88435173f7fb15a48b6fe2
- SHA512
  
  868458dee62fdb69bb5e396251a26091b71490ee7ca04b3d0342a18455f7a7e29d9981b024ce48fedbe85494374a40ed601e53bef9a615e4c8f3304c56655297
- SSDEEP
  
  12288:SWutt3oBwRkzp8e2gTQTLZMJpkrLThkr6S:SjtfuzQkCThkr6
Score

10^/10

qakbot tr 1645451836 banker evasion stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Windows security bypass
  evasion trojan
- Loads dropped DLL
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

tr1645451836qakbot

behavioral1

qakbottr1645451836bankerevasionstealertrojan