qakbot | 061d59735ea2397cbb2566ddb711d1ea73a79e5f171a6ed5f328c0d8b078c426 | Triage

Sharing

General

Target

061d59735ea2397cbb2566ddb711d1ea73a79e5f171a6ed5f328c0d8b078c426.zip
Size

245KB
Sample

250325-esf8rstry2
MD5

aab76cd4195fef809763c72944e6c2ff
SHA1

b0e9c28d4f1c4a59c1780c7991426c5a7643b959
SHA256

061d59735ea2397cbb2566ddb711d1ea73a79e5f171a6ed5f328c0d8b078c426
SHA512

4fb8c02ee6237da50ec84ce10e0b98184458dc81495ff4de265c9ebf9a36c3efec1fde032d8d7d50eba2c78cda7557b7fad83de920a969d3b8ecd0726e8538f9
SSDEEP

6144:enyEbzn4VwcCC8U5aVFXGfTNQtllCRtradvUeCwMx:eFbz44CzamfT2UrWvMwMx

Score

10^/10

qakbot abc101 1606331967 banker cryptone discovery packer stealer trojan

Malware Config

Extracted

Family

qakbot

Version

401.29

Botnet

abc101

Campaign

1606331967

C2

76.104.230.174:443

187.227.86.129:995

219.255.28.241:443

78.184.6.94:443

95.159.45.82:443

91.228.36.95:443

79.115.215.125:443

24.244.161.36:443

24.71.28.247:443

73.239.229.107:995

187.153.119.36:443

190.75.167.44:2222

83.110.111.159:443

174.76.21.134:443

75.109.180.221:443

85.122.141.42:995

156.222.6.246:995

188.24.183.193:443

88.106.237.152:2222

79.166.83.103:2222

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  b69f17a7126bf24174e8d6cd594c5ebb28485db8e3943b0cebc5bf1225d6c6ae.dll
- Size
  
  2.9MB
- MD5
  
  e89659fd1e4d75378bdcabb91ffeb66c
- SHA1
  
  6652f62eccbc1c516ef5911b95ad5b3002a44a9c
- SHA256
  
  b69f17a7126bf24174e8d6cd594c5ebb28485db8e3943b0cebc5bf1225d6c6ae
- SHA512
  
  4a848205b0e2748df671959469119d457ab1674b4a3e1aa880ffbd4b374a646f9869e1d75cd1d3ed8f82f507a3447ba5785a6b5de09a296aa2ef647c74c8e8b5
- SSDEEP
  
  3072:18qk4FRozXKEI7jQC5VrmpL2zqpwAZpDpOal+r:18qkyT7jzGl22pbZJS
Score

10^/10

qakbot abc101 1606331967 banker discovery stealer trojan
- Qakbot family
  qakbot
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

qakbotabc1011606331967bankerdiscoverystealertrojan

behavioral2

qakbotabc1011606331967bankerdiscoverystealertrojan