General

  • Target

    5aced782db5c1f1978726ce961d805cd04dbe8d7e3f98c616bb3a21f3363021c

  • Size

    216KB

  • Sample

    220214-tssdcsbehm

  • MD5

    3139b7f8ce87be2f0c27263a115b945d

  • SHA1

    25ca6cd046c32a58e4579757bd5ca18771b03dd4

  • SHA256

    5aced782db5c1f1978726ce961d805cd04dbe8d7e3f98c616bb3a21f3363021c

  • SHA512

    143e628f43bf406407624245b9c2fcbad5988f36cbc52d39e822ee8738530d8e9a234ed0f95a555275975b78707a8f51ad6151531eb05302f3b052610a89ae79

Malware Config

Extracted

  • Family

    qakbot

  • Version

    324.142

  • Botnet

    spx133

  • Campaign

    1591267427

  • C2

    49.144.84.21:443
    189.159.133.162:995
    173.245.152.231:443
    77.237.181.212:995
    207.255.161.8:2078
    76.187.8.160:443
    207.255.161.8:2087
    98.219.77.197:443
    66.222.88.126:995
    207.255.161.8:32102
    108.58.9.238:995
    47.152.210.233:443
    1.40.42.4:443
    188.27.71.163:443
    82.127.193.151:2222
    104.50.141.139:995
    67.83.54.76:2222
    86.126.97.183:2222
    73.94.229.115:443
    47.35.182.97:443

Targets

    • Target

      5aced782db5c1f1978726ce961d805cd04dbe8d7e3f98c616bb3a21f3363021c

    • Size

      216KB

    • MD5

      3139b7f8ce87be2f0c27263a115b945d

    • SHA1

      25ca6cd046c32a58e4579757bd5ca18771b03dd4

    • SHA256

      5aced782db5c1f1978726ce961d805cd04dbe8d7e3f98c616bb3a21f3363021c

    • SHA512

      143e628f43bf406407624245b9c2fcbad5988f36cbc52d39e822ee8738530d8e9a234ed0f95a555275975b78707a8f51ad6151531eb05302f3b052610a89ae79

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry (T1012)

    3

  • System Information Discovery (T1082)

    4

  • Peripheral Device Discovery (T1120)

    1

  • Remote System Discovery (T1018)

    1
