Overview

overview

10

Static

static

9

a37c691c61...ba.exe

windows7_x64

10

a37c691c61...ba.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a37c691c61c3fbd78f0ed5b2c67430a787d886e46deba2eb222e2412f8bf48ba

  • Size

    1.9MB

  • Sample

    220226-h1mx3abbcm

  • MD5

    53e91acf733dc0c8179b1a8f8096677b

  • SHA1

    c1d2bb7cc843f398ba30728f7b0c6c81fcdbc605

  • SHA256

    a37c691c61c3fbd78f0ed5b2c67430a787d886e46deba2eb222e2412f8bf48ba

  • SHA512

    f6d085438ea1186759463b6f5472304ba71362bd8833149708288d003534be96abe4dd0325a288ca35417b7180756fd4116f3a303f30cf9413e2e3d176534644

Score
10/10
qakbotspx1091588257690bankercryptonepackerstealertrojan

Malware Config

Extracted

Family

qakbot

Version

324.136

Botnet

spx109

Campaign

1588257690

C2

68.204.164.222:443

47.185.134.79:443

31.5.21.66:443

24.27.82.216:2222

178.193.33.121:2222

96.250.113.218:443

148.75.231.53:443

50.89.14.94:443

50.108.212.180:443

184.57.17.74:443

58.108.188.231:443

47.41.3.40:443

47.39.177.171:2222

47.136.224.60:443

72.29.181.77:2078

94.53.92.42:443

108.227.161.27:995

203.33.139.134:443

72.204.242.138:443

47.180.66.10:443

Targets

    • Target

      a37c691c61c3fbd78f0ed5b2c67430a787d886e46deba2eb222e2412f8bf48ba

    • Size

      1.9MB

    • MD5

      53e91acf733dc0c8179b1a8f8096677b

    • SHA1

      c1d2bb7cc843f398ba30728f7b0c6c81fcdbc605

    • SHA256

      a37c691c61c3fbd78f0ed5b2c67430a787d886e46deba2eb222e2412f8bf48ba

    • SHA512

      f6d085438ea1186759463b6f5472304ba71362bd8833149708288d003534be96abe4dd0325a288ca35417b7180756fd4116f3a303f30cf9413e2e3d176534644

    Score
    10/10
    qakbotspx1091588257690bankerstealertrojan

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

      trojanbankerstealerqakbot

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

3
T1082

Peripheral Device Discovery

1
T1120

Remote System Discovery

1
T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks