Overview

overview

10

Static

static

c5bb5c97f7...45.exe

windows7_x64

10

c5bb5c97f7...45.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c5bb5c97f766e1a5e90aafc7a64db8664e7e299c7c2021e502778b9a77763645

  • Size

    339KB

  • Sample

    220315-t4rwzabggk

  • MD5

    ad75a91cadf34fa5ce5f94a2e9e86b7e

  • SHA1

    6921139bb11122e2af329d61a2d5e8d61412e543

  • SHA256

    c5bb5c97f766e1a5e90aafc7a64db8664e7e299c7c2021e502778b9a77763645

  • SHA512

    9c36bee84f03b058415ba7ae0e64500b034663c7ba83aabf87edc627353b9f3fab5b53321303413c0638c6f31a83686514f7827cb418fd975c42f8394fd66fb9

Score
10/10
qakbotabc0271604574287bankerstealertrojan

Malware Config

Extracted

Family

qakbot

Version

325.59

Botnet

abc027

Campaign

1604574287

C2

93.86.252.177:995

184.98.97.227:995

188.25.24.21:2222

1.54.190.204:443

89.137.211.239:443

78.101.234.58:443

41.206.131.166:443

87.27.110.90:2222

47.44.217.98:443

197.45.110.165:995

217.133.54.140:32100

41.97.170.119:443

185.246.9.69:995

90.53.232.130:2222

72.186.1.237:443

144.139.230.139:443

86.164.27.33:2222

185.105.131.233:443

90.146.209.224:2222

108.46.145.30:443

Targets

    • Target

      c5bb5c97f766e1a5e90aafc7a64db8664e7e299c7c2021e502778b9a77763645

    • Size

      339KB

    • MD5

      ad75a91cadf34fa5ce5f94a2e9e86b7e

    • SHA1

      6921139bb11122e2af329d61a2d5e8d61412e543

    • SHA256

      c5bb5c97f766e1a5e90aafc7a64db8664e7e299c7c2021e502778b9a77763645

    • SHA512

      9c36bee84f03b058415ba7ae0e64500b034663c7ba83aabf87edc627353b9f3fab5b53321303413c0638c6f31a83686514f7827cb418fd975c42f8394fd66fb9

    Score
    10/10
    qakbotabc0271604574287bankerstealertrojan

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

      trojanbankerstealerqakbot

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks