qakbot | 7d0c24f18bca32543e2cc64b352c7e3e74ec77b2922b66a006ae92238cd01bca | Triage

Sharing

General

Target

7d0c24f18bca32543e2cc64b352c7e3e74ec77b2922b66a006ae92238cd01bca
Size

2.6MB
Sample

220211-tkatcaedhj
MD5

14c29c6a94f9b6aa43bbcf586dec1fb9
SHA1

449f2b10320115e98b182204a4376ddc669e1369
SHA256

7d0c24f18bca32543e2cc64b352c7e3e74ec77b2922b66a006ae92238cd01bca
SHA512

9b8be89d317e023705f5264b4abe9736ab49c61da12beed65b5e897c6e673b713e1e7980026d670f23e75a6a356bde786df3531b69dc0ccaa2585c0ed04fc0b1

Score

10^/10

qakbot spx145 1592822522 banker cryptone packer stealer trojan

Malware Config

Extracted

Family

qakbot

Version

324.142

Botnet

spx145

Campaign

1592822522

C2

79.115.207.120:443

156.213.80.140:443

189.160.203.110:443

71.114.39.220:443

189.236.166.167:443

193.248.44.2:2222

206.51.202.106:50003

24.152.219.253:995

2.50.47.97:2222

108.49.221.180:443

207.246.75.201:443

80.240.26.178:443

199.247.16.80:443

207.255.161.8:2222

69.92.54.95:995

199.247.22.145:443

2.50.171.142:443

24.110.14.40:3389

79.101.130.104:995

94.52.160.116:443

Targets

- Target
  
  7d0c24f18bca32543e2cc64b352c7e3e74ec77b2922b66a006ae92238cd01bca
- Size
  
  2.6MB
- MD5
  
  14c29c6a94f9b6aa43bbcf586dec1fb9
- SHA1
  
  449f2b10320115e98b182204a4376ddc669e1369
- SHA256
  
  7d0c24f18bca32543e2cc64b352c7e3e74ec77b2922b66a006ae92238cd01bca
- SHA512
  
  9b8be89d317e023705f5264b4abe9736ab49c61da12beed65b5e897c6e673b713e1e7980026d670f23e75a6a356bde786df3531b69dc0ccaa2585c0ed04fc0b1
Score

10^/10

qakbot spx145 1592822522 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

qakbotspx1451592822522bankerstealertrojan

behavioral2

qakbotspx1451592822522bankerstealertrojan