qakbot | dc5c92e43766184c98f47737d13f41cda2a04fc5cb4f7aa6e7341ee9f8428462 | Triage

Sharing

General

Target

dc5c92e43766184c98f47737d13f41cda2a04fc5cb4f7aa6e7341ee9f8428462.exe
Size

1.2MB
Sample

241123-vjhm8svkep
MD5

1fd2425d15eddaaf88f7e278fd9a0910
SHA1

e968121376c44d3a52a42281a4679eddd1a9a199
SHA256

dc5c92e43766184c98f47737d13f41cda2a04fc5cb4f7aa6e7341ee9f8428462
SHA512

1edacf0d60c906332549c9b93b340030d17ec39351cd277fa7c9fc9278ba0bf13c5325896e776b0f745d3ad9228bf909e4e33d9e07582ab52268f6acfa05b6b7
SSDEEP

24576:m/o9iBRudBYZb/WqWletdadgndrqnq/wKkVW/:YRuEbeqWYMqnFY2IW/

Score

10^/10

qakbot tr 1634905513 banker discovery stealer trojan

Malware Config

Extracted

Family

qakbot

Version

402.363

Botnet

tr

Campaign

1634905513

C2

27.5.5.31:2222

136.143.11.232:443

68.186.192.69:443

117.198.157.160:443

108.4.67.252:443

207.246.112.221:995

105.198.236.99:995

37.208.181.198:61200

115.99.227.13:995

140.82.49.12:443

188.50.34.167:995

216.201.162.158:443

103.142.10.177:443

197.89.21.241:443

73.25.109.183:2222

81.250.153.227:2222

2.222.167.138:443

78.191.24.189:995

87.242.20.233:2222

89.101.97.139:443

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  dc5c92e43766184c98f47737d13f41cda2a04fc5cb4f7aa6e7341ee9f8428462.exe
- Size
  
  1.2MB
- MD5
  
  1fd2425d15eddaaf88f7e278fd9a0910
- SHA1
  
  e968121376c44d3a52a42281a4679eddd1a9a199
- SHA256
  
  dc5c92e43766184c98f47737d13f41cda2a04fc5cb4f7aa6e7341ee9f8428462
- SHA512
  
  1edacf0d60c906332549c9b93b340030d17ec39351cd277fa7c9fc9278ba0bf13c5325896e776b0f745d3ad9228bf909e4e33d9e07582ab52268f6acfa05b6b7
- SSDEEP
  
  24576:m/o9iBRudBYZb/WqWletdadgndrqnq/wKkVW/:YRuEbeqWYMqnFY2IW/
Score

10^/10

qakbot tr 1634905513 banker discovery stealer trojan
- Qakbot family
  qakbot
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

qakbottr1634905513bankerdiscoverystealertrojan

behavioral2

qakbottr1634905513bankerdiscoverystealertrojan