Overview

overview

10

Static

static

9

6ab95a6345...40.exe

windows7_x64

10

6ab95a6345...40.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6ab95a6345fc46cb486d22244899992edd90a57c45119d0fc9d6410d9536fb40

  • Size

    1.8MB

  • Sample

    220201-glcywahfdk

  • MD5

    433bea4a6d1ceb623c9e1541ec0b2cd1

  • SHA1

    e265b6e279b7feb45e3ae8dbc58e93ed5b281ade

  • SHA256

    6ab95a6345fc46cb486d22244899992edd90a57c45119d0fc9d6410d9536fb40

  • SHA512

    2c1149768d6f95e469a47ffe5965d28c20dfad3094c7266387b7e6aaefdc073d2f9c728e34957a64707861c232bc5eaa818b1466bb9d18c6722214f8ea9b31e4

Score
10/10
qakbotspx841585124895bankercryptonepackerpersistencestealertrojan

Malware Config

Extracted

Family

qakbot

Version

324.70

Botnet

spx84

Campaign

1585124895

C2

99.228.5.106:995

71.241.247.189:443

173.245.152.231:443

79.113.219.121:443

24.44.180.236:2222

80.11.10.151:990

78.96.148.177:443

75.137.60.81:443

68.46.142.48:995

24.32.119.146:443

35.143.248.234:443

35.142.24.147:2222

71.68.197.202:995

96.57.237.162:443

74.138.18.247:443

174.110.39.220:443

62.231.93.154:443

70.164.39.91:443

74.194.4.181:443

67.190.189.217:443

Targets

    • Target

      6ab95a6345fc46cb486d22244899992edd90a57c45119d0fc9d6410d9536fb40

    • Size

      1.8MB

    • MD5

      433bea4a6d1ceb623c9e1541ec0b2cd1

    • SHA1

      e265b6e279b7feb45e3ae8dbc58e93ed5b281ade

    • SHA256

      6ab95a6345fc46cb486d22244899992edd90a57c45119d0fc9d6410d9536fb40

    • SHA512

      2c1149768d6f95e469a47ffe5965d28c20dfad3094c7266387b7e6aaefdc073d2f9c728e34957a64707861c232bc5eaa818b1466bb9d18c6722214f8ea9b31e4

    Score
    10/10
    qakbotspx841585124895bankerstealertrojanpersistence

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

      trojanbankerstealerqakbot

    • Sets service image path in registry

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

3
T1082

Peripheral Device Discovery

1
T1120

Remote System Discovery

1
T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks