qakbot | 576b5cf6c716a70dc15903525bc7427dc3fc5bfefc6f13fbf6d2540d64c89992 | Triage

Sharing

General

Target

576b5cf6c716a70dc15903525bc7427dc3fc5bfefc6f13fbf6d2540d64c89992.exe
Size

1.2MB
Sample

241123-kdrzls1qgs
MD5

b95e063502d7f8720c8a55a605c1d7d8
SHA1

9210d09696d842fb1759d09264d35fddedb5be6e
SHA256

576b5cf6c716a70dc15903525bc7427dc3fc5bfefc6f13fbf6d2540d64c89992
SHA512

4a0e2d4307b059326b1133889fd4ca67da3266d8e20c319b38c953ac51c0622b31314832f339a839097d21e7c6942137e2e1dc8eabe3569ec0a1e46a3236ffe7
SSDEEP

24576:ww7BZFodRlyc501VWUMkTjACzDSMPhy5DipHl950JkSr+qk5acKVv8dzF+7Y:HLt18UMeTzD3pbpr50mSrtkIcKVvuh+s

Score

10^/10

qakbot tr 1633943125 banker discovery evasion stealer trojan

Malware Config

Extracted

Family

qakbot

Version

402.363

Botnet

tr

Campaign

1633943125

C2

140.82.49.12:443

89.137.52.44:443

24.107.165.50:443

66.216.193.114:443

75.131.217.182:443

41.86.42.158:995

24.119.214.7:443

67.166.233.75:443

105.198.236.99:443

120.151.47.189:443

2.222.167.138:443

41.228.22.180:443

78.105.213.151:995

5.193.125.67:995

41.86.42.158:443

96.57.188.174:2078

120.150.218.241:995

66.177.215.152:0

122.11.220.212:2222

73.52.50.32:443

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  576b5cf6c716a70dc15903525bc7427dc3fc5bfefc6f13fbf6d2540d64c89992.exe
- Size
  
  1.2MB
- MD5
  
  b95e063502d7f8720c8a55a605c1d7d8
- SHA1
  
  9210d09696d842fb1759d09264d35fddedb5be6e
- SHA256
  
  576b5cf6c716a70dc15903525bc7427dc3fc5bfefc6f13fbf6d2540d64c89992
- SHA512
  
  4a0e2d4307b059326b1133889fd4ca67da3266d8e20c319b38c953ac51c0622b31314832f339a839097d21e7c6942137e2e1dc8eabe3569ec0a1e46a3236ffe7
- SSDEEP
  
  24576:ww7BZFodRlyc501VWUMkTjACzDSMPhy5DipHl950JkSr+qk5acKVv8dzF+7Y:HLt18UMeTzD3pbpr50mSrtkIcKVvuh+s
Score

10^/10

qakbot tr 1633943125 banker discovery evasion stealer trojan
- Qakbot family
  qakbot
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Windows security bypass
  evasion trojan
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

qakbottr1633943125bankerdiscoveryevasionstealertrojan

behavioral2

qakbottr1633943125bankerdiscoveryevasionstealertrojan