qakbot | 1bf211e2a408fd53194baf1737c7f58b2d64806612fc2a37b4121c80d252a935 | Triage

Sharing

General

Target

1bf211e2a408fd53194baf1737c7f58b2d64806612fc2a37b4121c80d252a935.exe
Size

701KB
Sample

241119-119qyatmay
MD5

73100896a4485390bfd0aa659e66b107
SHA1

db2d10f66d5daefe15ff51d6adba6c398fc95872
SHA256

1bf211e2a408fd53194baf1737c7f58b2d64806612fc2a37b4121c80d252a935
SHA512

18180af141521a8be8c7c691145f5097b004a68fec1436815cfd701e9891d93a0e53bd134a81293dd126fe89ca5098eb00ba90a7f46504b04d4f857375adcb7b
SSDEEP

12288:ARD5ZM4/o2Nmq4twYY32OOHslp0a3yAqSqhwM8PZeMgK3YNs1dxS3D0d:AZB/XPa1HslPHPMMg3sEu

Score

10^/10

qakbot tr 1635152597 banker discovery evasion stealer trojan

Malware Config

Extracted

Family

qakbot

Version

402.363

Botnet

tr

Campaign

1635152597

C2

120.150.218.241:995

143.92.137.106:443

41.43.196.111:443

196.207.140.40:995

136.143.11.232:443

39.49.45.250:995

87.109.246.232:995

96.246.158.154:995

216.201.162.158:443

45.9.20.200:443

197.89.144.19:443

37.208.162.27:443

207.246.112.221:443

189.252.140.141:32101

96.21.251.127:2222

103.143.8.71:443

115.99.227.13:995

73.25.109.183:2222

182.176.180.73:443

2.222.167.138:443

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  1bf211e2a408fd53194baf1737c7f58b2d64806612fc2a37b4121c80d252a935.exe
- Size
  
  701KB
- MD5
  
  73100896a4485390bfd0aa659e66b107
- SHA1
  
  db2d10f66d5daefe15ff51d6adba6c398fc95872
- SHA256
  
  1bf211e2a408fd53194baf1737c7f58b2d64806612fc2a37b4121c80d252a935
- SHA512
  
  18180af141521a8be8c7c691145f5097b004a68fec1436815cfd701e9891d93a0e53bd134a81293dd126fe89ca5098eb00ba90a7f46504b04d4f857375adcb7b
- SSDEEP
  
  12288:ARD5ZM4/o2Nmq4twYY32OOHslp0a3yAqSqhwM8PZeMgK3YNs1dxS3D0d:AZB/XPa1HslPHPMMg3sEu
Score

10^/10

qakbot tr 1635152597 banker discovery evasion stealer trojan
- Qakbot family
  qakbot
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Windows security bypass
  evasion trojan
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

qakbottr1635152597bankerdiscoveryevasionstealertrojan

behavioral2

qakbottr1635152597bankerdiscoveryevasionstealertrojan