Overview

overview

10

Static

static

9

9c76a29d93...fd.exe

windows7_x64

10

9c76a29d93...fd.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9c76a29d9349d21165a916b11ded6139a3cc066d3c59880a5b9016d42ea948fd

  • Size

    2.4MB

  • Sample

    220205-ph9sfabebl

  • MD5

    0f72869956627879b0ae5bbf36458d4e

  • SHA1

    7d54df00b0132c05551f077cdd9264d1b9f5cbad

  • SHA256

    9c76a29d9349d21165a916b11ded6139a3cc066d3c59880a5b9016d42ea948fd

  • SHA512

    d6f1ec2c6a6bfbafed2190bfc5fb2907df4f3e824f9dcfcf1e924e9873ebd4d9665b10b64a7ba53088c90fe0266e424d9cc4f172653d96f852b8edbc86f21652

Score
10/10
qakbotspx911586271924bankercryptonepackerstealertrojan

Malware Config

Extracted

Family

qakbot

Version

324.75

Botnet

spx91

Campaign

1586271924

C2

95.77.223.148:443

68.14.210.246:22

151.205.102.42:443

80.11.10.151:990

24.32.119.146:443

173.69.58.179:443

78.96.245.58:443

172.78.87.180:443

173.3.106.172:2222

207.144.193.210:443

47.134.5.231:443

72.142.106.198:465

108.56.213.203:443

172.251.50.199:443

74.109.200.208:443

108.227.161.27:995

98.13.0.128:443

79.113.219.121:443

84.247.55.190:443

80.14.209.42:2222

Targets

    • Target

      9c76a29d9349d21165a916b11ded6139a3cc066d3c59880a5b9016d42ea948fd

    • Size

      2.4MB

    • MD5

      0f72869956627879b0ae5bbf36458d4e

    • SHA1

      7d54df00b0132c05551f077cdd9264d1b9f5cbad

    • SHA256

      9c76a29d9349d21165a916b11ded6139a3cc066d3c59880a5b9016d42ea948fd

    • SHA512

      d6f1ec2c6a6bfbafed2190bfc5fb2907df4f3e824f9dcfcf1e924e9873ebd4d9665b10b64a7ba53088c90fe0266e424d9cc4f172653d96f852b8edbc86f21652

    Score
    10/10
    qakbotspx911586271924bankerstealertrojan

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

      trojanbankerstealerqakbot

    • Suspicious use of NtCreateProcessExOtherParentProcess

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks