qakbot | f135cb54cc49b06b0a661d52c50894ea6e42140a5e0316dc721e47c105b4043b

General

Target

aywhibo.exe.7z
Size

238KB
Sample

201125-hek1aycxe6
MD5

a9c6e926ca85f8ec46f09b019eb53dbc
SHA1

423a3b93d7b1542a1e8115983a3400544bae328e
SHA256

f135cb54cc49b06b0a661d52c50894ea6e42140a5e0316dc721e47c105b4043b
SHA512

4f07588c0850890b15b1d16936858081a05f04aa5af31cd9911779db22f19c00b2eba9553ce4e7bd23670ded2e09c643283a1d5f4fe17687f1f32f355154ed47

Score

10^/10

Malware Config

Extracted

Family

qakbot

Botnet

abc023

Campaign

1603362336

C2

207.246.75.201:443

93.86.1.140:995

78.96.199.79:443

185.246.9.69:995

80.14.209.42:2222

72.186.1.237:443

92.59.35.196:2222

45.32.154.10:443

74.129.26.119:443

186.6.196.12:443

5.13.69.214:443

80.240.26.178:443

203.198.96.200:443

108.31.15.10:995

86.98.89.139:2222

156.213.186.133:443

72.36.59.46:2222

5.193.181.221:2078

59.99.39.32:443

108.46.145.30:443

Targets

- Target
  
  nosto.exe
- Size
  
  1.3MB
- MD5
  
  c5b92b47eeb6372edb232deae1bf47d7
- SHA1
  
  7034a52f0ebc2fd0b38c130b229902e33a02c5ed
- SHA256
  
  6f5801587baf461e5a67f49bc6f4b400a8f458dc223f4d3ec9e2eafd9b062f5f
- SHA512
  
  e82535143ad12e85ee58b515c536f43a60c6324b79bfad304ac9f19c77ebb6eabd1604cf5d7fb0b8f7bb557ca2cfa11d564bf1d86063c662f3b124eb9c31f9ce
Score

10^/10

qakbot abc023 1603362336 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1

T1053

Persistence

Scheduled Task

1

T1053

Privilege Escalation

Scheduled Task

1

T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2