General

  • Target

    3ecd55301b2b3d6869445d41511060cb389a08d654ce351a6b820e7bf2dbd0f1

  • Size

    2.3MB

  • Sample

    220205-t35rfadcf5

  • MD5

    ca59d88a85cc88a9417952aec7d86226

  • SHA1

    fcba597c6d461c0fc6073d1f0bde55d504f24dd7

  • SHA256

    3ecd55301b2b3d6869445d41511060cb389a08d654ce351a6b820e7bf2dbd0f1

  • SHA512

    2dfe9065916098f8e13285cbbd5e748e19285078e6f5ec554499e0b78a7804a94e7ae4b0d2b39f7fef7d4923786cb55491ded9139466e7b920eb97c33ead7b6a

Malware Config

Extracted

  • Family

    qakbot

  • Version

    324.127

  • Botnet

    spx96

  • Campaign

    1586873043

  • C2


Targets

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

MITRE ATT&CK Matrix ATT&CK v6

  • Discovery

    Query Registry (T1012): 3

    System Information Discovery (T1082): 4

    Peripheral Device Discovery (T1120): 1

    Remote System Discovery (T1018): 1

Tasks