Overview

overview

10

Static

static

9

e48c6802b9...44.exe

windows7_x64

10

e48c6802b9...44.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e48c6802b94dcbe41c11188684ed0d7e0d73238ff637707eb1e3a639b7834044

  • Size

    2.1MB

  • Sample

    220205-kqcepahff5

  • MD5

    385778b6bbc6fef3c2a4b81d0eac1ca4

  • SHA1

    5874448a6c4a69abce0247407608763bbb02085d

  • SHA256

    e48c6802b94dcbe41c11188684ed0d7e0d73238ff637707eb1e3a639b7834044

  • SHA512

    e2bf4282604fdfdf860662240c44c25d03997ab602219e27f06fda53ceaf80fd7637063175386beda6a6cd3ebefb016f4d7d013a3b061d058239e4731f881f57

Score
10/10
qakbotspx891585917777bankercryptonepackerpersistencestealertrojan

Malware Config

Extracted

Family

qakbot

Version

324.75

Botnet

spx89

Campaign

1585917777

C2

66.44.96.184:443

185.145.113.249:443

87.65.204.240:995

68.174.9.179:443

97.127.144.203:2222

76.180.69.236:443

24.234.86.201:995

188.173.185.139:443

83.25.10.201:2222

93.114.115.146:443

24.201.79.208:2078

65.116.179.83:443

5.70.173.217:443

207.155.106.187:443

5.14.187.133:443

73.163.242.114:443

84.117.60.157:443

90.192.191.3:443

100.33.132.135:443

96.232.203.15:443

Targets

    • Target

      e48c6802b94dcbe41c11188684ed0d7e0d73238ff637707eb1e3a639b7834044

    • Size

      2.1MB

    • MD5

      385778b6bbc6fef3c2a4b81d0eac1ca4

    • SHA1

      5874448a6c4a69abce0247407608763bbb02085d

    • SHA256

      e48c6802b94dcbe41c11188684ed0d7e0d73238ff637707eb1e3a639b7834044

    • SHA512

      e2bf4282604fdfdf860662240c44c25d03997ab602219e27f06fda53ceaf80fd7637063175386beda6a6cd3ebefb016f4d7d013a3b061d058239e4731f881f57

    Score
    10/10
    qakbotspx891585917777bankerstealertrojanpersistence

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

      trojanbankerstealerqakbot

    • Sets service image path in registry

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

3
T1012

System Information Discovery

4
T1082

Peripheral Device Discovery

1
T1120

Remote System Discovery

1
T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks