qakbot | 8d46e2e8a6a55f0dc7a31d3c93d8d4087b83c228ced43347195a406a6c961898 | Triage

Sharing

General

Target

8d46e2e8a6a55f0dc7a31d3c93d8d4087b83c228ced43347195a406a6c961898
Size

2.1MB
Sample

220205-qal7vabhap
MD5

d968b4e071f8c4fc67f4b281280774f0
SHA1

4ad4ed0bda3d9d3d6c82ea486e41cc8a8142a02e
SHA256

8d46e2e8a6a55f0dc7a31d3c93d8d4087b83c228ced43347195a406a6c961898
SHA512

bf74927e107156553c6f3dfd082086fe383cb02d8ce6c645712af6b8cd66d014601d4b6a44e53f78346c955b23001e743b5ea64c08cb45ae606b88e2a59f223d

Score

10^/10

qakbot spx90 1586180537 banker cryptone packer stealer trojan

Malware Config

Extracted

Family

qakbot

Version

324.75

Botnet

spx90

Campaign

1586180537

C2

79.113.218.134:443

71.77.231.251:443

89.43.136.239:443

72.36.59.46:2222

76.30.66.244:443

73.163.242.114:443

173.216.174.39:443

70.95.94.91:2078

208.126.142.17:443

216.152.7.12:443

172.87.134.226:443

71.58.21.235:443

173.62.161.126:443

184.21.151.81:995

208.93.202.49:443

206.183.190.53:995

69.123.179.70:443

63.155.135.211:995

72.209.191.27:443

73.184.218.146:443

Targets

- Target
  
  8d46e2e8a6a55f0dc7a31d3c93d8d4087b83c228ced43347195a406a6c961898
- Size
  
  2.1MB
- MD5
  
  d968b4e071f8c4fc67f4b281280774f0
- SHA1
  
  4ad4ed0bda3d9d3d6c82ea486e41cc8a8142a02e
- SHA256
  
  8d46e2e8a6a55f0dc7a31d3c93d8d4087b83c228ced43347195a406a6c961898
- SHA512
  
  bf74927e107156553c6f3dfd082086fe383cb02d8ce6c645712af6b8cd66d014601d4b6a44e53f78346c955b23001e743b5ea64c08cb45ae606b88e2a59f223d
Score

10^/10

qakbot spx90 1586180537 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

qakbotspx901586180537bankerstealertrojan

behavioral2

qakbotspx901586180537bankerstealertrojan