qakbot | d3220cd7725feffe76ab026ac3f11661d9f1aa6b04042a57897e8856399e3eef | Triage

Sharing

General

Target

d3220cd7725feffe76ab026ac3f11661d9f1aa6b04042a57897e8856399e3eef
Size

1.8MB
Sample

250116-jy4cps1qcl
MD5

e4e3767fd3a1b1f325c4074f501795ec
SHA1

13b2f0954773bd06eab8eeedfd88c6ff905061c5
SHA256

d3220cd7725feffe76ab026ac3f11661d9f1aa6b04042a57897e8856399e3eef
SHA512

42c274ef9a408863a56fe728cb5233cda1de4ba6c74dff4cdd32ef55627d0e7673599aa406b699f7bca1554d5eddd67b005beb0daf7dfff0b55acf322b585a13
SSDEEP

6144:bpIOAXjt4ni0WsAloYToJo9nKS2JX48hffTvzk:mtzanpYTP1KS8X48hfrzk

Score

10^/10

qakbot tr 1639042735 banker discovery evasion stealer trojan

Malware Config

Extracted

Family

qakbot

Version

403.2

Botnet

tr

Campaign

1639042735

C2

190.73.3.148:2222

95.14.105.39:995

140.82.49.12:443

207.246.112.221:443

216.238.71.31:443

207.246.112.221:995

89.137.52.44:443

197.89.105.123:443

96.37.113.36:993

2.222.167.138:443

41.228.22.180:443

105.198.236.99:995

103.142.10.177:443

218.101.110.3:995

202.163.113.56:995

186.64.87.197:443

102.65.38.67:443

117.248.109.38:21

31.215.98.160:443

89.101.97.139:443

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  d3220cd7725feffe76ab026ac3f11661d9f1aa6b04042a57897e8856399e3eef
- Size
  
  1.8MB
- MD5
  
  e4e3767fd3a1b1f325c4074f501795ec
- SHA1
  
  13b2f0954773bd06eab8eeedfd88c6ff905061c5
- SHA256
  
  d3220cd7725feffe76ab026ac3f11661d9f1aa6b04042a57897e8856399e3eef
- SHA512
  
  42c274ef9a408863a56fe728cb5233cda1de4ba6c74dff4cdd32ef55627d0e7673599aa406b699f7bca1554d5eddd67b005beb0daf7dfff0b55acf322b585a13
- SSDEEP
  
  6144:bpIOAXjt4ni0WsAloYToJo9nKS2JX48hffTvzk:mtzanpYTP1KS8X48hfrzk
Score

10^/10

qakbot tr 1639042735 banker discovery evasion stealer trojan
- Qakbot family
  qakbot
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Windows security bypass
  evasion trojan
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

qakbottr1639042735bankerdiscoveryevasionstealertrojan

behavioral2

qakbottr1639042735bankerdiscoveryevasionstealertrojan