qakbot | f0f7296b57e18890dd0245b22661a04fd1798d0d45b90b91c540f71b99f4b8bb | Triage

Sharing

General

Target

f0f7296b57e18890dd0245b22661a04fd1798d0d45b90b91c540f71b99f4b8bbN.exe
Size

337KB
Sample

241216-srgd2avjgr
MD5

d42a0618bbbd8835b3ed1246e36fffa0
SHA1

c862d879023689452ba0019ad2c2d2c5861a87af
SHA256

f0f7296b57e18890dd0245b22661a04fd1798d0d45b90b91c540f71b99f4b8bb
SHA512

c3090b565b031dc4b6503c5fefd6596246f3bc80e97f5b37f987d343091330de3263a0004f35e329a9eb4d7f63a37bf98bc090d9c63d07eeeb97ab0652a155e4
SSDEEP

6144:inQU+LqGvHr0nNK11G9DMEeZa8POyKmLUyaViFwRus:9FrkNK11G9AEtMxQyOi67

Score

10^/10

qakbot abc106 1606896670 banker discovery stealer trojan

Malware Config

Extracted

Family

qakbot

Version

401.51

Botnet

abc106

Campaign

1606896670

C2

203.106.195.67:443

58.152.9.133:443

67.61.157.208:443

211.24.72.253:443

82.10.43.130:2222

200.75.136.78:443

120.159.238.185:2222

196.151.252.84:443

105.198.236.101:443

197.161.154.132:443

79.172.26.240:443

41.233.153.21:993

103.102.100.78:2222

82.223.205.216:443

90.23.117.67:2222

81.214.126.173:2222

95.56.177.11:995

217.128.117.218:2222

185.163.221.77:2222

120.151.95.167:443

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  f0f7296b57e18890dd0245b22661a04fd1798d0d45b90b91c540f71b99f4b8bbN.exe
- Size
  
  337KB
- MD5
  
  d42a0618bbbd8835b3ed1246e36fffa0
- SHA1
  
  c862d879023689452ba0019ad2c2d2c5861a87af
- SHA256
  
  f0f7296b57e18890dd0245b22661a04fd1798d0d45b90b91c540f71b99f4b8bb
- SHA512
  
  c3090b565b031dc4b6503c5fefd6596246f3bc80e97f5b37f987d343091330de3263a0004f35e329a9eb4d7f63a37bf98bc090d9c63d07eeeb97ab0652a155e4
- SSDEEP
  
  6144:inQU+LqGvHr0nNK11G9DMEeZa8POyKmLUyaViFwRus:9FrkNK11G9AEtMxQyOi67
Score

10^/10

qakbot abc106 1606896670 banker discovery stealer trojan
- Qakbot family
  qakbot
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

qakbotabc1061606896670bankerdiscoverystealertrojan

behavioral2

qakbotabc1061606896670bankerdiscoverystealertrojan