General

  • Target

    80dd8f90de73b1ae6f34778f8ff20918e05039948b902eda2c63690c52563f38

  • Size

    2.0MB

  • Sample

    220205-qx416sbhb8

  • MD5

    572101f0444c14321dcc84e76deb007a

  • SHA1

    749f7e2d4abacfed250177ab104e841553afdaaf

  • SHA256

    80dd8f90de73b1ae6f34778f8ff20918e05039948b902eda2c63690c52563f38

  • SHA512

    28eca73093d8c8c8e9a6aec60c08aa4dd42ee98f1e547fe51cc4a83a296a58bf325a23cac89ce8e8f26b54e35506b660699ab9637ab7fab74ccd97588b54de3b

Malware Config

Extracted

  • Family

    qakbot

  • Version

    324.127

  • Botnet

    spx106

  • Campaign

    1588083274

  • C2


Targets

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry (T1012): 3

  • System Information Discovery (T1082): 4

  • Peripheral Device Discovery (T1120): 1

  • Remote System Discovery (T1018): 1

Tasks