Overview

overview

10

Static

static

9

7d0c24f18b...ca.exe

windows7_x64

10

7d0c24f18b...ca.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7d0c24f18bca32543e2cc64b352c7e3e74ec77b2922b66a006ae92238cd01bca

  • Size

    2.6MB

  • Sample

    220211-tkatcaedhj

  • MD5

    14c29c6a94f9b6aa43bbcf586dec1fb9

  • SHA1

    449f2b10320115e98b182204a4376ddc669e1369

  • SHA256

    7d0c24f18bca32543e2cc64b352c7e3e74ec77b2922b66a006ae92238cd01bca

  • SHA512

    9b8be89d317e023705f5264b4abe9736ab49c61da12beed65b5e897c6e673b713e1e7980026d670f23e75a6a356bde786df3531b69dc0ccaa2585c0ed04fc0b1

Score
10/10
qakbotspx1451592822522bankercryptonepackerstealertrojan

Malware Config

Extracted

Family

qakbot

Version

324.142

Botnet

spx145

Campaign

1592822522

C2

79.115.207.120:443

156.213.80.140:443

189.160.203.110:443

71.114.39.220:443

189.236.166.167:443

193.248.44.2:2222

206.51.202.106:50003

24.152.219.253:995

2.50.47.97:2222

108.49.221.180:443

207.246.75.201:443

80.240.26.178:443

199.247.16.80:443

207.255.161.8:2222

69.92.54.95:995

199.247.22.145:443

2.50.171.142:443

24.110.14.40:3389

79.101.130.104:995

94.52.160.116:443

Targets

    • Target

      7d0c24f18bca32543e2cc64b352c7e3e74ec77b2922b66a006ae92238cd01bca

    • Size

      2.6MB

    • MD5

      14c29c6a94f9b6aa43bbcf586dec1fb9

    • SHA1

      449f2b10320115e98b182204a4376ddc669e1369

    • SHA256

      7d0c24f18bca32543e2cc64b352c7e3e74ec77b2922b66a006ae92238cd01bca

    • SHA512

      9b8be89d317e023705f5264b4abe9736ab49c61da12beed65b5e897c6e673b713e1e7980026d670f23e75a6a356bde786df3531b69dc0ccaa2585c0ed04fc0b1

    Score
    10/10
    qakbotspx1451592822522bankerstealertrojan

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

      trojanbankerstealerqakbot

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks