qakbot | 78066e01a233c2561c5e79448c21685bc81b2979934af79467dadddda8ffd622 | Triage

Sharing

General

Target

78066e01a233c2561c5e79448c21685bc81b2979934af79467dadddda8ffd622.zip
Size

122KB
Sample

250326-nfr9yasthv
MD5

05ed40bd5036f69c0aafa06026f74515
SHA1

fefa5261f1f0c18b92581000e4da5907365bb0a1
SHA256

78066e01a233c2561c5e79448c21685bc81b2979934af79467dadddda8ffd622
SHA512

37d75191bc7aa0b6986885fd524f02ed7e78c7ec7be79e4dbeafaefe0e053285405e49112f162916bc6d62a09a42cfaf68f9bd85c612a52fde6fb265e747921a
SSDEEP

3072:/utCCQFVRKqCQX4WnOwwFtZMow8bWUsgwYrkJlnvKj:/n6qRXLnVwFsmbWUsgfMvKj

Score

10^/10

qakbot abc101 1606294013 banker discovery stealer trojan

Malware Config

Extracted

Family

qakbot

Version

401.29

Botnet

abc101

Campaign

1606294013

C2

98.115.243.237:443

78.101.21.73:443

185.163.221.77:2222

2.51.246.190:995

2.50.2.11:995

175.137.79.81:443

42.201.228.106:995

185.246.9.69:995

81.133.234.36:2222

24.205.42.241:443

73.239.229.107:995

102.185.58.126:443

173.245.152.231:443

105.101.216.210:443

89.137.195.167:995

174.76.21.134:443

41.238.217.126:6881

47.138.204.19:443

79.166.83.103:2222

92.154.83.96:1194

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  53df5bb98b96c6a2be5ff6236ab930d8ae6e7ecff953adec7e93c3978c9a81d7.dll
- Size
  
  255KB
- MD5
  
  bc8dd25bce1344119cbe6797088e0c5d
- SHA1
  
  91bdbb0dd6d811d0fdb36c664411feda5e282137
- SHA256
  
  53df5bb98b96c6a2be5ff6236ab930d8ae6e7ecff953adec7e93c3978c9a81d7
- SHA512
  
  b379d317a3e66a5eb0b9f6fa119f00ea97a1db5361de3f23669ecf845095c050a0b1cd2dff4e2ce448f8b86eead9e1804985a6e4ea8d1c54914a729b2e37be4e
- SSDEEP
  
  3072:G3BNzcIx2gLs5VVnvQYyLTUQHPH3MkKiXy4o+4z774L4yFpeQjLrmzht3WaM0X:GfXgB9yLTUQvH3nKiXtozvYpewrkRMI
Score

10^/10

qakbot abc101 1606294013 banker discovery stealer trojan
- Qakbot family
  qakbot
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

qakbotabc1011606294013bankerdiscoverystealertrojan

behavioral2

qakbotabc1011606294013bankerdiscoverystealertrojan