Overview

overview

10

Static

static

9

fbbc4c6de7...2f.exe

windows7_x64

10

fbbc4c6de7...2f.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fbbc4c6de7c45be1ffa34a2f4dbfc54961ee7e58dff713cd16dad2ada5259e2f

  • Size

    1.9MB

  • Sample

    220205-jgnkxshbd8

  • MD5

    ec2f6d0e7b9a8bd4ca618e61c3d3d9db

  • SHA1

    d6bf27fcc06fb9115b9be9d1b649218689bee97c

  • SHA256

    fbbc4c6de7c45be1ffa34a2f4dbfc54961ee7e58dff713cd16dad2ada5259e2f

  • SHA512

    9b1762e5dae681d20471b926960ae3d4ac8ca65bdde47bb98ebf491770f960a31b333244d9113812d98bbf8e8fc848baf3a802a2a73fd02b2f29e6237b915613

Score
10/10
qakbotspx1091588257690bankercryptonepackerpersistencestealertrojan

Malware Config

Extracted

Family

qakbot

Version

324.136

Botnet

spx109

Campaign

1588257690

C2

68.204.164.222:443

47.185.134.79:443

31.5.21.66:443

24.27.82.216:2222

178.193.33.121:2222

96.250.113.218:443

148.75.231.53:443

50.89.14.94:443

50.108.212.180:443

184.57.17.74:443

58.108.188.231:443

47.41.3.40:443

47.39.177.171:2222

47.136.224.60:443

72.29.181.77:2078

94.53.92.42:443

108.227.161.27:995

203.33.139.134:443

72.204.242.138:443

47.180.66.10:443

Targets

    • Target

      fbbc4c6de7c45be1ffa34a2f4dbfc54961ee7e58dff713cd16dad2ada5259e2f

    • Size

      1.9MB

    • MD5

      ec2f6d0e7b9a8bd4ca618e61c3d3d9db

    • SHA1

      d6bf27fcc06fb9115b9be9d1b649218689bee97c

    • SHA256

      fbbc4c6de7c45be1ffa34a2f4dbfc54961ee7e58dff713cd16dad2ada5259e2f

    • SHA512

      9b1762e5dae681d20471b926960ae3d4ac8ca65bdde47bb98ebf491770f960a31b333244d9113812d98bbf8e8fc848baf3a802a2a73fd02b2f29e6237b915613

    Score
    10/10
    qakbotspx1091588257690bankerstealertrojanpersistence

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

      trojanbankerstealerqakbot

    • Sets service image path in registry

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

3
T1012

System Information Discovery

4
T1082

Peripheral Device Discovery

1
T1120

Remote System Discovery

1
T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks