qakbot | f09e33589d864a663d7fbb1a71b3b24e406d435e6eb6498494f7a50c11b6137b | Triage

Sharing

General

Target

f09e33589d864a663d7fbb1a71b3b24e406d435e6eb6498494f7a50c11b6137b
Size

339KB
Sample

220316-zvzs4sgec7
MD5

2f8dcda4b6c61addd8bb8166f53a14fd
SHA1

f5741d98ded7cf672cb037d2aaa0f4f800168364
SHA256

f09e33589d864a663d7fbb1a71b3b24e406d435e6eb6498494f7a50c11b6137b
SHA512

3cf2ece7bc2186d170f35ac7b1a12f598340014354e654d02d29a0a273852e70fdbbf96943175ba093189acb3de4d4116472462fc47e0c5e932f4612054464ea

Score

10^/10

qakbot abc027 1604574287 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Version

325.59

Botnet

abc027

Campaign

1604574287

C2

93.86.252.177:995

184.98.97.227:995

188.25.24.21:2222

1.54.190.204:443

89.137.211.239:443

78.101.234.58:443

41.206.131.166:443

87.27.110.90:2222

47.44.217.98:443

197.45.110.165:995

217.133.54.140:32100

41.97.170.119:443

185.246.9.69:995

90.53.232.130:2222

72.186.1.237:443

144.139.230.139:443

86.164.27.33:2222

185.105.131.233:443

90.146.209.224:2222

108.46.145.30:443

Targets

- Target
  
  f09e33589d864a663d7fbb1a71b3b24e406d435e6eb6498494f7a50c11b6137b
- Size
  
  339KB
- MD5
  
  2f8dcda4b6c61addd8bb8166f53a14fd
- SHA1
  
  f5741d98ded7cf672cb037d2aaa0f4f800168364
- SHA256
  
  f09e33589d864a663d7fbb1a71b3b24e406d435e6eb6498494f7a50c11b6137b
- SHA512
  
  3cf2ece7bc2186d170f35ac7b1a12f598340014354e654d02d29a0a273852e70fdbbf96943175ba093189acb3de4d4116472462fc47e0c5e932f4612054464ea
Score

10^/10

qakbot abc027 1604574287 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

qakbotabc0271604574287bankerstealertrojan

behavioral2

qakbotabc0271604574287bankerstealertrojan