qakbot | 9019cb133061aa1cbc767b73f22d01bae3d2241978557cea4889fc484e9719f0 | Triage

Sharing

General

Target

9aacffe08f5bf96a8e96214021094a80N
Size

1.5MB
Sample

240915-eh8j9svdmj
MD5

9aacffe08f5bf96a8e96214021094a80
SHA1

65d2569e8dafc1cf990c8c2d4605078980630847
SHA256

9019cb133061aa1cbc767b73f22d01bae3d2241978557cea4889fc484e9719f0
SHA512

a40219316089558b3d8c38c4ec3220e593818df0feef9ef505662baf818bd6f2c16d081f8b40c10142e22e500d4cf8b63a58b386cb3f23b321eda12af911df07
SSDEEP

6144:YFjeFW6wiDwJ8pFAhp7Lyf/8c/28AH7O8zu/Ab2:YFj36NpFAXW8cOs

Score

10^/10

qakbot abc118 1611065943 banker discovery stealer trojan

Malware Config

Extracted

Family

qakbot

Version

401.138

Botnet

abc118

Campaign

1611065943

C2

172.87.157.235:3389

193.248.221.184:2222

208.126.142.17:443

108.31.15.10:995

78.63.226.32:443

67.6.91.75:443

209.210.187.52:995

173.18.126.193:2222

83.110.12.140:2222

50.244.112.106:443

71.117.132.169:443

216.201.162.158:443

90.175.88.99:2222

84.72.35.226:443

85.52.72.32:2222

89.3.198.238:443

140.82.49.12:443

95.76.27.6:443

24.229.150.54:995

202.185.138.143:443

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  9aacffe08f5bf96a8e96214021094a80N
- Size
  
  1.5MB
- MD5
  
  9aacffe08f5bf96a8e96214021094a80
- SHA1
  
  65d2569e8dafc1cf990c8c2d4605078980630847
- SHA256
  
  9019cb133061aa1cbc767b73f22d01bae3d2241978557cea4889fc484e9719f0
- SHA512
  
  a40219316089558b3d8c38c4ec3220e593818df0feef9ef505662baf818bd6f2c16d081f8b40c10142e22e500d4cf8b63a58b386cb3f23b321eda12af911df07
- SSDEEP
  
  6144:YFjeFW6wiDwJ8pFAhp7Lyf/8c/28AH7O8zu/Ab2:YFj36NpFAXW8cOs
Score

10^/10

qakbot abc118 1611065943 banker discovery stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

qakbotabc1181611065943bankerdiscoverystealertrojan

behavioral2