qakbot | ef5bfe3b8887512c769dafa06bf85ebce8a5ad4caef73a9877025b8cabfc0f59

General

Target

ef5bfe3b8887512c769dafa06bf85ebce8a5ad4caef73a9877025b8cabfc0f59
Size

1.2MB
Sample

230830-y1z6dshh71
MD5

1a09f13c4be42e02eb2b686c6931260b
SHA1

0e07d43842f79f390bcdeccf764f03b43b4308b0
SHA256

ef5bfe3b8887512c769dafa06bf85ebce8a5ad4caef73a9877025b8cabfc0f59
SHA512

d3a2a25eb2f4514fe705e04ca7a4d7eb563e0f53db961d62a91eaf362ad39041af0c2728d60faa864a4069feef425de3486133eb32da4413d856729a9d56b489
SSDEEP

12288:VK3pyiZL0yh4loxeCJZFfO1WMJ9e2HUS4z3C4+:V2pyiZLaoxLzkWM2eV4w

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

324.142

Botnet

spx135

Campaign

1591627649

C2

89.32.216.156:443

74.222.204.82:443

24.183.39.93:443

97.93.211.17:443

80.14.209.42:2222

96.35.170.82:2222

151.73.124.242:443

98.110.231.63:443

108.227.161.27:995

173.3.132.17:995

31.5.41.52:443

24.122.228.88:443

5.107.208.94:2222

76.185.136.58:443

50.29.166.232:995

73.210.114.187:443

92.114.107.193:995

24.43.22.220:993

50.247.230.33:995

72.142.106.198:465

Targets

- Target
  
  ef5bfe3b8887512c769dafa06bf85ebce8a5ad4caef73a9877025b8cabfc0f59
- Size
  
  1.2MB
- MD5
  
  1a09f13c4be42e02eb2b686c6931260b
- SHA1
  
  0e07d43842f79f390bcdeccf764f03b43b4308b0
- SHA256
  
  ef5bfe3b8887512c769dafa06bf85ebce8a5ad4caef73a9877025b8cabfc0f59
- SHA512
  
  d3a2a25eb2f4514fe705e04ca7a4d7eb563e0f53db961d62a91eaf362ad39041af0c2728d60faa864a4069feef425de3486133eb32da4413d856729a9d56b489
- SSDEEP
  
  12288:VK3pyiZL0yh4loxeCJZFfO1WMJ9e2HUS4z3C4+:V2pyiZLaoxLzkWM2eV4w
Score

10^/10

qakbot spx135 1591627649 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

3

T1082

Peripheral Device Discovery

1

T1120

Remote System Discovery

1

T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2