qakbot | d348d0c2d8883055db5065ac12f81776b04eb959aac1008066793ec7b4074e8a | Triage

Sharing

General

Target

5faa7267f9faaa585023a8398609b630N
Size

1.0MB
Sample

240825-1z8r9azbqn
MD5

5faa7267f9faaa585023a8398609b630
SHA1

3070d3612cbecd56b9425e5ff5d9c24ceff3ae7a
SHA256

d348d0c2d8883055db5065ac12f81776b04eb959aac1008066793ec7b4074e8a
SHA512

2f66bd3ed9fe8bc4fd165aaf076f38392bc58115c13cca2652e47835a618d5a836cb2a2216b799e1b2ae266912bd2b08affcb51887adce850a2d23cc7ce49ab0
SSDEEP

6144:pwexqEM8055EX+dridb0+NCirQ6TBByIeJzt93S0EE8cuFA6EpnznituagDgwzyC:2exF055EX+dW1VONPfzituaC9zbLD

Score

10^/10

qakbot biden51 1622109872 banker discovery stealer trojan

Malware Config

Extracted

Family

qakbot

Version

402.68

Botnet

biden51

Campaign

1622109872

C2

97.69.160.4:2222

96.37.113.36:993

50.244.112.106:443

172.78.43.46:443

47.22.148.6:443

197.45.110.165:995

71.187.170.235:443

75.67.192.125:443

96.61.23.88:995

140.82.49.12:443

81.97.154.100:443

122.58.117.81:995

105.198.236.99:443

68.186.192.69:443

92.59.35.196:2222

149.28.98.196:443

45.32.211.207:995

45.32.211.207:2222

45.77.115.208:2222

144.202.38.185:2222

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  5faa7267f9faaa585023a8398609b630N
- Size
  
  1.0MB
- MD5
  
  5faa7267f9faaa585023a8398609b630
- SHA1
  
  3070d3612cbecd56b9425e5ff5d9c24ceff3ae7a
- SHA256
  
  d348d0c2d8883055db5065ac12f81776b04eb959aac1008066793ec7b4074e8a
- SHA512
  
  2f66bd3ed9fe8bc4fd165aaf076f38392bc58115c13cca2652e47835a618d5a836cb2a2216b799e1b2ae266912bd2b08affcb51887adce850a2d23cc7ce49ab0
- SSDEEP
  
  6144:pwexqEM8055EX+dridb0+NCirQ6TBByIeJzt93S0EE8cuFA6EpnznituagDgwzyC:2exF055EX+dW1VONPfzituaC9zbLD
Score

10^/10

qakbot biden51 1622109872 banker discovery stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

qakbotbiden511622109872bankerdiscoverystealertrojan

behavioral2

qakbotbiden511622109872bankerdiscoverystealertrojan