qakbot | 022a8b444c4710333e915211c56be80e257ad50728ada765cc23282050e901fd | Triage

Sharing

General

Target

022a8b444c4710333e915211c56be80e257ad50728ada765cc23282050e901fd.exe
Size

534KB
Sample

241122-s9e9pazlej
MD5

331e97b0d271eb890b2104c7d6e8d292
SHA1

ac50d8706fda4ab182ae8a348449e67e5e6de6bb
SHA256

022a8b444c4710333e915211c56be80e257ad50728ada765cc23282050e901fd
SHA512

f221debc5f8dee4977b7e15c434d2ca4652c67aecbf45bdf9e0602e96a01ab26d73a41e5539045d5d4f36554bb4ace3515b6fd2cff5a189b0a75aa607ed80ed3
SSDEEP

3072:vxAqb35qSyYNYuFwXBBWYn0WWeP24iABEabz1fz+Bnp1WC3polyaSXO3etYkpHsd:yqb35qjY7wXrNJicLfz+hqv4BtYyxDW

Score

10^/10

qakbot biden54 1634802135 banker discovery evasion stealer trojan

Malware Config

Extracted

Family

qakbot

Version

402.363

Botnet

biden54

Campaign

1634802135

C2

81.250.153.227:2222

120.150.218.241:995

76.25.142.196:443

63.143.92.99:995

89.101.97.139:443

136.143.11.232:443

81.213.59.22:443

136.232.34.70:443

140.82.49.12:443

37.208.181.198:61200

78.191.24.189:995

216.201.162.158:443

197.89.144.102:443

89.137.52.44:443

182.176.180.73:443

173.21.10.71:2222

117.198.156.56:443

196.207.140.40:995

103.142.10.177:443

24.231.209.2:6881

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  022a8b444c4710333e915211c56be80e257ad50728ada765cc23282050e901fd.exe
- Size
  
  534KB
- MD5
  
  331e97b0d271eb890b2104c7d6e8d292
- SHA1
  
  ac50d8706fda4ab182ae8a348449e67e5e6de6bb
- SHA256
  
  022a8b444c4710333e915211c56be80e257ad50728ada765cc23282050e901fd
- SHA512
  
  f221debc5f8dee4977b7e15c434d2ca4652c67aecbf45bdf9e0602e96a01ab26d73a41e5539045d5d4f36554bb4ace3515b6fd2cff5a189b0a75aa607ed80ed3
- SSDEEP
  
  3072:vxAqb35qSyYNYuFwXBBWYn0WWeP24iABEabz1fz+Bnp1WC3polyaSXO3etYkpHsd:yqb35qjY7wXrNJicLfz+hqv4BtYyxDW
Score

10^/10

qakbot biden54 1634802135 banker discovery evasion stealer trojan
- Qakbot family
  qakbot
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Windows security bypass
  evasion trojan
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

qakbotbiden541634802135bankerdiscoveryevasionstealertrojan

behavioral2

qakbotbiden541634802135bankerdiscoveryevasionstealertrojan