General

  • Target

    f28ce294538fb56d8aff8077b149541bea56d8166d84c6e79cd0d9903f566b30

  • Size

    717KB

  • Sample

    220724-vbx3ysbcf2

  • MD5

    4b6accb73061345ed143f01d6199fc95

  • SHA1

    4c157859670b75b6abc5a09715a0ff0b7f028f55

  • SHA256

    f28ce294538fb56d8aff8077b149541bea56d8166d84c6e79cd0d9903f566b30

  • SHA512

    8fd4948a04a0a5f74ee6b74599bc3a1840d8e1369bf436eb9f854d611e9a0ce60d5a8fa5b4775c916cfb7f6db04c437b2cff18355e354ae590405349629aa68c

Malware Config

Extracted

Family

qakbot

Version

323.91

Botnet

spx35

Campaign

1573827297

C2

71.77.231.251:443

76.116.128.81:443

108.5.34.128:443

75.110.90.155:443

181.126.80.118:443

62.103.70.217:995

207.237.1.152:443

47.202.98.230:443

63.224.81.92:995

74.33.70.14:443

81.103.144.77:443

75.142.59.167:443

104.173.119.54:2222

190.198.47.65:443

72.255.200.129:2222

73.137.187.150:443

24.203.221.252:2222

71.182.142.63:443

72.142.106.198:465

173.52.119.247:443

Targets

    • Target

      f28ce294538fb56d8aff8077b149541bea56d8166d84c6e79cd0d9903f566b30

    • Size

      717KB

    • MD5

      4b6accb73061345ed143f01d6199fc95

    • SHA1

      4c157859670b75b6abc5a09715a0ff0b7f028f55

    • SHA256

      f28ce294538fb56d8aff8077b149541bea56d8166d84c6e79cd0d9903f566b30

    • SHA512

      8fd4948a04a0a5f74ee6b74599bc3a1840d8e1369bf436eb9f854d611e9a0ce60d5a8fa5b4775c916cfb7f6db04c437b2cff18355e354ae590405349629aa68c

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

MITRE ATT&CK Matrix ATT&CK v6

Discovery

  • Query Registry (T1012): 2

  • System Information Discovery (T1082): 3

  • Peripheral Device Discovery (T1120): 1

  • Remote System Discovery (T1018): 1

Tasks