Overview

overview

10

Static

static

9

ea29b83254...33.exe

windows7_x64

10

ea29b83254...33.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ea29b8325436ef52d94bcf82442ddf1af4210087d4872c1f0c22e46826390f33

  • Size

    2.1MB

  • Sample

    220205-kevf5ahef5

  • MD5

    bf6608b3969388a44aec67f8757ccb00

  • SHA1

    6fe04c4f41c68ef2bbea46dcafaf5947190052d3

  • SHA256

    ea29b8325436ef52d94bcf82442ddf1af4210087d4872c1f0c22e46826390f33

  • SHA512

    d92b25935334a9a1d6987c90b8f17af7d3ff53c211d45dff30a9a6da141609339e7945b810cf2c6f5cff8d468834c5fe3e28427335c3766d1d3df41654fce561

Score
10/10
qakbotspx911586289193bankercryptonepackerpersistencestealertrojan

Malware Config

Extracted

Family

qakbot

Version

324.75

Botnet

spx91

Campaign

1586289193

C2

173.173.1.164:443

70.62.160.186:6883

68.41.60.225:443

100.40.48.96:443

73.192.209.168:443

93.114.89.119:995

64.19.74.29:995

73.60.148.209:443

66.26.160.37:443

97.96.51.117:443

5.13.221.230:443

68.174.9.179:443

73.137.187.150:443

24.37.178.158:443

47.136.224.60:443

68.39.177.147:995

176.223.46.147:443

72.29.181.77:2078

68.174.15.223:443

50.29.181.193:995

Targets

    • Target

      ea29b8325436ef52d94bcf82442ddf1af4210087d4872c1f0c22e46826390f33

    • Size

      2.1MB

    • MD5

      bf6608b3969388a44aec67f8757ccb00

    • SHA1

      6fe04c4f41c68ef2bbea46dcafaf5947190052d3

    • SHA256

      ea29b8325436ef52d94bcf82442ddf1af4210087d4872c1f0c22e46826390f33

    • SHA512

      d92b25935334a9a1d6987c90b8f17af7d3ff53c211d45dff30a9a6da141609339e7945b810cf2c6f5cff8d468834c5fe3e28427335c3766d1d3df41654fce561

    Score
    10/10
    qakbotspx911586289193bankerstealertrojanpersistence

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

      trojanbankerstealerqakbot

    • Sets service image path in registry

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

3
T1012

System Information Discovery

4
T1082

Peripheral Device Discovery

1
T1120

Remote System Discovery

1
T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks