qakbot | 39e79ae8d91991013f5d7ea8044ddbdd9c6feb56244c57ca82c0047c78aaff55 | Triage

Submit
Reports

Overview

overview

Static

static

1

93a98b919a...7f.msi

windows7-x64

93a98b919a...7f.msi

windows10-2004-x64

Sharing

General

Target

93a98b919aec23411ae62dba8d0d22f939da45dec19db2b4e7293124d8f1507f.zip
Size

1010KB
Sample

240302-xxke4agg26
MD5

2ece7f01b02e6d276391213deda1a4af
SHA1

4e650fb9cb14b5fb2f1f5774159ebe379af8089a
SHA256

39e79ae8d91991013f5d7ea8044ddbdd9c6feb56244c57ca82c0047c78aaff55
SHA512

10e239cbdb445cea3544e6f390d6de76752bb8dcc443eb85c85a572f05ae31da591d4a7be43b2931b9e2241baf48f539bf886dd716259955641aa1bcee87454a
SSDEEP

24576:YouaNN3a5R90JDKq2R2TYU1TxqwqHlL+XWhdtMECYKLJ:Ju7sw2HowqFCWOECr

Score

10^/10

qakbot tchk06 1702463600 banker stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

93a98b919aec23411ae62dba8d0d22f939da45dec19db2b4e7293124d8f1507f.msi

Resource

win7-20240221-en

qakbot tchk06 1702463600 banker stealer trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

93a98b919aec23411ae62dba8d0d22f939da45dec19db2b4e7293124d8f1507f.msi

Resource

win10v2004-20240226-en

qakbot tchk06 1702463600 banker stealer trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

qakbot

Botnet

tchk06

Campaign

1702463600

C2

45.138.74.191:443

65.108.218.24:443

Attributes

camp_date
2023-12-13 10:33:20 +0000 UTC

Targets

- Target
  
  93a98b919aec23411ae62dba8d0d22f939da45dec19db2b4e7293124d8f1507f.msi
- Size
  
  1.9MB
- MD5
  
  82b8bd90e500fb0bf878d6f430c5abec
- SHA1
  
  f004c09428f2f18a145212a9e55eef3615858f9c
- SHA256
  
  93a98b919aec23411ae62dba8d0d22f939da45dec19db2b4e7293124d8f1507f
- SHA512
  
  82b2e997bf5bc0d08ab8dd921aef3e8d620a61c26f86b6f481845ad694d7b97f65dfa42e1c18b83f0f827cad9df69a409b75d96793e5bd7124c26bc7cb07f881
- SSDEEP
  
  49152:Ksjitd+vszAlozTy4g5r8+5eNBABxGNvXreD68f:rihTyfcXreO8f
Score

10^/10

qakbot tchk06 1702463600 banker stealer trojan
- Detect Qakbot Payload
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

qakbottchk061702463600bankerstealertrojan

behavioral2

qakbottchk061702463600bankerstealertrojan

© 2018-2024

Terms | Privacy