General

  • Target

    0cd872e07f9e1929b9b3baf7f86af70ccb28763bd4f1a16ebad659ea262106a5

  • Size

    685KB

  • Sample

    230506-2zae5agf61

  • MD5

    3fd42487ee9c7d8fac89a2adae599e95

  • SHA1

    b66af11696c35b8d0d8581b26365665d7b4d55cc

  • SHA256

    0cd872e07f9e1929b9b3baf7f86af70ccb28763bd4f1a16ebad659ea262106a5

  • SHA512

    515767513ac733a0bef612020bf16f4979d1bf9b98fa4bb9bf33ded817a0ab7f0186171f012fe89481e174ad2379ca5f81dc62e70adc268b9475fe10fde0cedd

  • SSDEEP

    12288:jIVIVaOBba7o4OJ7YpuC2OjwXhXYV4NaM9WKMfFs:jIhOBLNiuC2UY2YaU69

Malware Config

Extracted

Family

qakbot

Version

324.141

Botnet

spx123

Campaign

1589977350

C2

Targets

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

MITRE ATT&CK Matrix ATT&CK v6

Discovery

  • Query Registry (T1012): 2

  • System Information Discovery (T1082): 3

  • Peripheral Device Discovery (T1120): 1

  • Remote System Discovery (T1018): 1

Tasks