qakbot | 7ca944aceb280237597a251217a9b5db9f04279fe63b5ab6583f13e15dfc9f46 | Triage

Submit
Reports

Overview

overview

Static

static

1

73472cfc52...a3.msi

windows7-x64

73472cfc52...a3.msi

windows10-2004-x64

6

Sharing

General

Target

73472cfc52f2732b933e385ef80b4541191c45c995ce5c42844484c33c9867a3.zip
Size

4.2MB
Sample

240402-l5b8xaea7w
MD5

1dfa459158e1d9b06cb17e2c0e5e89c5
SHA1

9610525bb1d0c6976b9dfaaece83b68686a0a415
SHA256

7ca944aceb280237597a251217a9b5db9f04279fe63b5ab6583f13e15dfc9f46
SHA512

edb6dbce1323087869ee5acf7b74e818951e174ef03981623b2c46dedefac9358dfa00ee82f2c6681443cb004df8091f706742de23a5b456d1370c39089dae10
SSDEEP

98304:Xf9VdyEc0YCFCNtIJxe1gH91BoVAZrKa4W5AqzqZFV0Wg:P9Vnc0YjjAx3TSVkTzzmV0B

Score

10^/10

qakbot tchk08 1706710954 banker stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

73472cfc52f2732b933e385ef80b4541191c45c995ce5c42844484c33c9867a3.msi

Resource

win7-20231129-en

qakbot tchk08 1706710954 banker stealer trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

73472cfc52f2732b933e385ef80b4541191c45c995ce5c42844484c33c9867a3.msi

Resource

win10v2004-20240226-en

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

qakbot

Botnet

tchk08

Campaign

1706710954

C2

31.210.173.10:443

185.156.172.62:443

185.113.8.123:443

Attributes

camp_date
2024-01-31 14:22:34 +0000 UTC

Targets

- Target
  
  73472cfc52f2732b933e385ef80b4541191c45c995ce5c42844484c33c9867a3.msi
- Size
  
  5.8MB
- MD5
  
  483b57478ab379546ae9fbab1c0185fa
- SHA1
  
  e76211f214c1bcd7eb4ab21478d11a50c31d5da7
- SHA256
  
  73472cfc52f2732b933e385ef80b4541191c45c995ce5c42844484c33c9867a3
- SHA512
  
  a06f6a98831454f70413efcb6ca97a96440c07bc65e42a8bbfa6c2a6ae7d5dc666d3b96455acdd98089867b9f5ed0cbd98c69bda1c088eb6f3a6c7d702bcb9c4
- SSDEEP
  
  98304:mihTySajXEjCVXrepfrULCZf7ACNQB0zmlwXU8ern7beyN:OjjIzULqpQBv17r3eyN
Score

10^/10

qakbot tchk08 1706710954 banker stealer trojan
- Detect Qakbot Payload
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

qakbottchk081706710954bankerstealertrojan

behavioral2

© 2018-2024

Terms | Privacy