General

  • Target

    qakbot_sample.msi

  • Size

    384KB

  • Sample

    230202-rtzsqaeh54

  • MD5

    bd0ebd840439189cc64af2d0cd0dd130

  • SHA1

    72cef301ca25db6f1aa42f9380ab12ae2e99a725

  • SHA256

    fbe95e4d58b31a15569d3e4ab057bc47abb193c9afacdda186be51b2c1ac582b

  • SHA512

    b6298e66cb903d58b0877a0fe9725a6fb35dc2a304a5d79532d2cbc20ee3d85667fab7cc305baf5c9b612bfed9026f54a9371de72d00eb22964fcc9ff91f9b2b

  • SSDEEP

    6144:Vn1X0lyS6gYhkJceU2iXT+XYhwNabhXx3r6FiNhRfpwt+42OTTF:V1Xw6gzJceU2khmOC4Nhxpwc6X

Malware Config

Extracted

  • Family

    qakbot

  • Version

    404.430

  • Botnet

    BB12

  • Campaign

    1675090602

  • C2


Attributes
  • salt

    SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix ATT&CK v6

  • Discovery

    Query Registry (2) T1012

    Peripheral Device Discovery (2) T1120

    System Information Discovery (2) T1082

Tasks