qakbot | f28ce294538fb56d8aff8077b149541bea56d8166d84c6e79cd0d9903f566b30 | Triage

Sharing

General

Target

f28ce294538fb56d8aff8077b149541bea56d8166d84c6e79cd0d9903f566b30
Size

717KB
Sample

220724-vbx3ysbcf2
MD5

4b6accb73061345ed143f01d6199fc95
SHA1

4c157859670b75b6abc5a09715a0ff0b7f028f55
SHA256

f28ce294538fb56d8aff8077b149541bea56d8166d84c6e79cd0d9903f566b30
SHA512

8fd4948a04a0a5f74ee6b74599bc3a1840d8e1369bf436eb9f854d611e9a0ce60d5a8fa5b4775c916cfb7f6db04c437b2cff18355e354ae590405349629aa68c

Score

10^/10

qakbot spx35 1573827297 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Version

323.91

Botnet

spx35

Campaign

1573827297

C2

71.77.231.251:443

76.116.128.81:443

108.5.34.128:443

75.110.90.155:443

181.126.80.118:443

62.103.70.217:995

207.237.1.152:443

47.202.98.230:443

63.224.81.92:995

74.33.70.14:443

81.103.144.77:443

75.142.59.167:443

104.173.119.54:2222

190.198.47.65:443

72.255.200.129:2222

73.137.187.150:443

24.203.221.252:2222

71.182.142.63:443

72.142.106.198:465

173.52.119.247:443

Targets

- Target
  
  f28ce294538fb56d8aff8077b149541bea56d8166d84c6e79cd0d9903f566b30
- Size
  
  717KB
- MD5
  
  4b6accb73061345ed143f01d6199fc95
- SHA1
  
  4c157859670b75b6abc5a09715a0ff0b7f028f55
- SHA256
  
  f28ce294538fb56d8aff8077b149541bea56d8166d84c6e79cd0d9903f566b30
- SHA512
  
  8fd4948a04a0a5f74ee6b74599bc3a1840d8e1369bf436eb9f854d611e9a0ce60d5a8fa5b4775c916cfb7f6db04c437b2cff18355e354ae590405349629aa68c
Score

10^/10

qakbot spx35 1573827297 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

qakbotspx351573827297bankerstealertrojan

behavioral2

qakbotspx351573827297bankerstealertrojan