qakbot | 8d58c29a45d8a94f3add1317a2d1c00e0d6eda898293a81952f5603967ce45ad | Triage

Sharing

General

Target

8d58c29a45d8a94f3add1317a2d1c00e0d6eda898293a81952f5603967ce45ad
Size

708KB
Sample

220724-vbxgesbce9
MD5

d93db4daa650dcdc5ffe670d61fcfa8f
SHA1

3ed89771339ea3e6d0ea56d16aface69ddef4f74
SHA256

8d58c29a45d8a94f3add1317a2d1c00e0d6eda898293a81952f5603967ce45ad
SHA512

bb1ab6ef623db5f71573ddd23a7c1873fabfc87c6f4f181fd8c8328367457bffc99edbb28d1c51991b137a69794d0915b845d9fbea6ca54c1dd922e9a797dabd

Score

10^/10

qakbot spx46 1576587820 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Version

323.91

Botnet

spx46

Campaign

1576587820

C2

32.208.1.239:8443

181.123.59.111:443

73.226.220.56:443

93.177.144.236:443

24.184.6.58:2222

72.16.212.107:465

162.244.224.166:443

62.47.252.79:993

67.10.18.112:993

104.235.119.20:443

72.224.159.224:2222

181.197.195.138:995

74.134.35.54:443

174.20.189.226:995

67.214.21.207:443

187.163.101.137:995

72.47.115.182:443

173.31.178.20:443

75.131.72.82:995

5.182.39.156:443

Targets

- Target
  
  8d58c29a45d8a94f3add1317a2d1c00e0d6eda898293a81952f5603967ce45ad
- Size
  
  708KB
- MD5
  
  d93db4daa650dcdc5ffe670d61fcfa8f
- SHA1
  
  3ed89771339ea3e6d0ea56d16aface69ddef4f74
- SHA256
  
  8d58c29a45d8a94f3add1317a2d1c00e0d6eda898293a81952f5603967ce45ad
- SHA512
  
  bb1ab6ef623db5f71573ddd23a7c1873fabfc87c6f4f181fd8c8328367457bffc99edbb28d1c51991b137a69794d0915b845d9fbea6ca54c1dd922e9a797dabd
Score

10^/10

qakbot spx46 1576587820 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

qakbotspx461576587820bankerstealertrojan

behavioral2

qakbotspx461576587820bankerstealertrojan