qakbot | 4bc6fbbd923c4bf3925f60d89d0bd25860152b9f19d2809f211b544fac9891e8 | Triage

Sharing

General

Target

4bc6fbbd923c4bf3925f60d89d0bd25860152b9f19d2809f211b544fac9891e8.exe
Size

1.2MB
Sample

241123-pl9xls1ldj
MD5

8b508dec08cf304b2978e7e90578a2e2
SHA1

259bf215667a337cca8619487d395cf0b8979bcd
SHA256

4bc6fbbd923c4bf3925f60d89d0bd25860152b9f19d2809f211b544fac9891e8
SHA512

247760ca95faf353dd4ae8bc239d5a063a09f3a80dc710c131e5af5268b2475dab88ac641cc337d79a4665adb51cc852ab3d520bef77ff0c886f22f0488a8824
SSDEEP

24576:m/o9iBRudBYZb/WqWletdadgndrqnq/wKkVWf:YRuEbeqWYMqnFY2IWf

Score

10^/10

qakbot tr 1634905513 banker discovery evasion stealer trojan

Malware Config

Extracted

Family

qakbot

Version

402.363

Botnet

tr

Campaign

1634905513

C2

27.5.5.31:2222

136.143.11.232:443

68.186.192.69:443

117.198.157.160:443

108.4.67.252:443

207.246.112.221:995

105.198.236.99:995

37.208.181.198:61200

115.99.227.13:995

140.82.49.12:443

188.50.34.167:995

216.201.162.158:443

103.142.10.177:443

197.89.21.241:443

73.25.109.183:2222

81.250.153.227:2222

2.222.167.138:443

78.191.24.189:995

87.242.20.233:2222

89.101.97.139:443

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  4bc6fbbd923c4bf3925f60d89d0bd25860152b9f19d2809f211b544fac9891e8.exe
- Size
  
  1.2MB
- MD5
  
  8b508dec08cf304b2978e7e90578a2e2
- SHA1
  
  259bf215667a337cca8619487d395cf0b8979bcd
- SHA256
  
  4bc6fbbd923c4bf3925f60d89d0bd25860152b9f19d2809f211b544fac9891e8
- SHA512
  
  247760ca95faf353dd4ae8bc239d5a063a09f3a80dc710c131e5af5268b2475dab88ac641cc337d79a4665adb51cc852ab3d520bef77ff0c886f22f0488a8824
- SSDEEP
  
  24576:m/o9iBRudBYZb/WqWletdadgndrqnq/wKkVWf:YRuEbeqWYMqnFY2IWf
Score

10^/10

qakbot tr 1634905513 banker discovery evasion stealer trojan
- Qakbot family
  qakbot
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Windows security bypass
  evasion trojan
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

qakbottr1634905513bankerdiscoveryevasionstealertrojan

behavioral2

qakbottr1634905513bankerdiscoveryevasionstealertrojan