qakbot | 83228e73a72ecbd4f3546fa6842685b1727cee6f4e95a220d1de0bd0a212d504 | Triage

Sharing

General

Target

83228e73a72ecbd4f3546fa6842685b1727cee6f4e95a220d1de0bd0a212d504.zip
Size

137KB
Sample

250326-rhlrqaykw5
MD5

269d945aa9ec441d22cb143f15d8a1b1
SHA1

b0da009c4cdf0d68dc39c8e437b7229067b9d7c5
SHA256

83228e73a72ecbd4f3546fa6842685b1727cee6f4e95a220d1de0bd0a212d504
SHA512

2262c856175cf711d945c7c23bc47b8d6cd90518ed5f05619b3e015e7d80f32186bc13f42b3495241def6de3bc696490bcaaf355e330707c66750acf1147f560
SSDEEP

3072:D4ZQWptYtZGbxofffPEYmpwrBppkXEC3rhtyrT9pZfGB+wehp55z:D83YtZGbcFmpwrBppgEC3tGTNYehp5h

Score

10^/10

qakbot tr02 1606301054 banker discovery stealer trojan

Malware Config

Extracted

Family

qakbot

Version

401.29

Botnet

tr02

Campaign

1606301054

C2

59.98.96.143:443

86.122.248.164:2222

101.185.175.169:2222

71.187.170.235:443

92.59.35.196:2222

188.52.193.110:995

90.175.88.99:2222

37.107.111.46:995

96.237.141.134:995

2.50.143.154:2078

109.205.204.229:2222

90.101.62.189:2222

41.228.220.155:443

190.128.215.174:443

188.26.243.119:443

79.113.247.80:443

82.76.47.211:443

73.248.120.240:443

72.36.59.46:2222

74.129.26.119:443

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  9f6165d02388019c2daed164f8b370c4b5e05e578d8577000e92ea7fb8a2792c.exe
- Size
  
  218KB
- MD5
  
  6df11833dfab2dace88ef653fc233682
- SHA1
  
  731471339f2fcf74b5c41f6d20f307cf17decd45
- SHA256
  
  9f6165d02388019c2daed164f8b370c4b5e05e578d8577000e92ea7fb8a2792c
- SHA512
  
  00db303187620a6e1af951831be4fcfb5ffd0fed35e16c1a6887bf81ecb008689355905b785358b2dfd60e5d93154f3546dba8721299c7dea14fcfa9deedf5d9
- SSDEEP
  
  3072:HF7qHp3Uf2qMejJlm6KpgwR3I2rV0IDlRr20oiu+LporgeCQOriDiXRdZ16QilHo:l7MpNqtjJQ3p0IDXr2026orBCfiOXR
Score

10^/10

qakbot tr02 1606301054 banker discovery stealer trojan
- Qakbot family
  qakbot
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

qakbottr021606301054bankerdiscoverystealertrojan

behavioral2

qakbottr021606301054bankerdiscoverystealertrojan