qakbot | 38599e13fad348178a4835230e1ab11e8bfeadd6b71914674a49ce8d67e758b5 | Triage

Sharing

General

Target

38599e13fad348178a4835230e1ab11e8bfeadd6b71914674a49ce8d67e758b5.zip
Size

163KB
Sample

250325-w7xyhatqt3
MD5

16785ea09822220be989948ae37925e9
SHA1

6bf5e73e072fdff8017f548e261a811296730a64
SHA256

38599e13fad348178a4835230e1ab11e8bfeadd6b71914674a49ce8d67e758b5
SHA512

b74ab3e3f52200a4a9e45899262dd2f07cc79ddb032aaee42fec7d41001b922c2273e05e92b4b15839d06072bb34fd11fe05d2a114864e6f9baf74dcfc7fd8a2
SSDEEP

3072:ULVBnXupfMLfJmbWdG/O/IlmCNFIqCZzNNz2NrRxpL0Nr9XGVDPi:ULVBn8axTdU8nd2NrRsNrlG0

Score

10^/10

qakbot tr02 1606301054 banker discovery stealer trojan

Malware Config

Extracted

Family

qakbot

Version

401.29

Botnet

tr02

Campaign

1606301054

C2

59.98.96.143:443

86.122.248.164:2222

101.185.175.169:2222

71.187.170.235:443

92.59.35.196:2222

188.52.193.110:995

90.175.88.99:2222

37.107.111.46:995

96.237.141.134:995

2.50.143.154:2078

109.205.204.229:2222

90.101.62.189:2222

41.228.220.155:443

190.128.215.174:443

188.26.243.119:443

79.113.247.80:443

82.76.47.211:443

73.248.120.240:443

72.36.59.46:2222

74.129.26.119:443

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  ba25af3aa1f14cd574b5f8d43867a0be53d2df9f6fe37116da6dd05446296fb7.exe
- Size
  
  271KB
- MD5
  
  a88f4c170e11eda9a789765001a84fb1
- SHA1
  
  b274da255232e48ab19e9b478f29ffd54f885a76
- SHA256
  
  ba25af3aa1f14cd574b5f8d43867a0be53d2df9f6fe37116da6dd05446296fb7
- SHA512
  
  f5cd24cfd484d0ab54b7b0d0115005ab808d4bdde446380a2d2e9ab5a3f29265152e9139ba79fe8844be658afc7d41641ba71fa4f0fe050db4315d1055c3cf70
- SSDEEP
  
  6144:7pkLOv3+LLDCtR2GxMJ1qeCIHU5aSFRFwmpm4+8S197/vznolZVESTlZV:GLeY6RxM7qhI05Bzwm0N9DvLGtJb
Score

10^/10

qakbot tr02 1606301054 banker discovery stealer trojan
- Qakbot family
  qakbot
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

qakbottr021606301054bankerdiscoverystealertrojan

behavioral2

qakbottr021606301054bankerdiscoverystealertrojan