qakbot | 834a32737b36788d6f2bc3e00fe5a621849a8b24d70f441fd003504f112446dc | Triage

Sharing

General

Target

f3b39f71eb28d72447f0fe5b6abba620N
Size

534KB
Sample

240826-yrf16asgme
MD5

f3b39f71eb28d72447f0fe5b6abba620
SHA1

6f87fb4a18bcfdd91c3a2b2f8a0c088d955af602
SHA256

834a32737b36788d6f2bc3e00fe5a621849a8b24d70f441fd003504f112446dc
SHA512

8bff50af175f5577527c9324fff55c37033240d1a87b1f17c166a013acabaaeb5783edfddef88f1d424989f334183f2811a8c91332903a6a99ababeea9bdf93b
SSDEEP

6144:ne6FZ0+NCirQ6TBByIeJzt93S0EE8cuFA6Epnznitg8055EX+driwrWSzdr:bVONPfzit1055EX+dWMxzF

Score

10^/10

qakbot biden44 1621342408 banker discovery stealer trojan

Malware Config

Extracted

Family

qakbot

Version

402.68

Botnet

biden44

Campaign

1621342408

C2

172.78.43.46:443

50.244.112.106:443

24.179.77.148:443

86.220.62.251:2222

24.139.72.117:443

24.55.112.61:443

45.63.107.192:443

197.45.110.165:995

24.122.166.173:443

47.22.148.6:443

149.28.99.97:995

45.63.107.192:995

71.187.170.235:443

144.139.47.206:443

86.157.25.253:443

81.97.154.100:443

75.67.192.125:443

71.163.224.97:443

105.198.236.101:443

105.198.236.99:443

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  f3b39f71eb28d72447f0fe5b6abba620N
- Size
  
  534KB
- MD5
  
  f3b39f71eb28d72447f0fe5b6abba620
- SHA1
  
  6f87fb4a18bcfdd91c3a2b2f8a0c088d955af602
- SHA256
  
  834a32737b36788d6f2bc3e00fe5a621849a8b24d70f441fd003504f112446dc
- SHA512
  
  8bff50af175f5577527c9324fff55c37033240d1a87b1f17c166a013acabaaeb5783edfddef88f1d424989f334183f2811a8c91332903a6a99ababeea9bdf93b
- SSDEEP
  
  6144:ne6FZ0+NCirQ6TBByIeJzt93S0EE8cuFA6Epnznitg8055EX+driwrWSzdr:bVONPfzit1055EX+dWMxzF
Score

10^/10

qakbot biden44 1621342408 banker discovery stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

qakbotbiden441621342408bankerdiscoverystealertrojan

behavioral2

qakbotbiden441621342408bankerdiscoverystealertrojan