qakbot | 365f7e7eb4f8297de0eec8a541833110333a1f317a33cd72f1382fd675967eae | Triage

Submit
Reports

Overview

overview

Static

static

1

93a98b919a...7f.msi

windows7-x64

93a98b919a...7f.msi

windows10-2004-x64

Sharing

General

Target

93a98b919aec23411ae62dba8d0d22f939da45dec19db2b4e7293124d8f1507f.zip
Size

1010KB
Sample

240402-l5fw4aea8y
MD5

77e3c1adcf233684de185ce8367f0a87
SHA1

bbc7d0325077193ac909440f66603c69762fe5bf
SHA256

365f7e7eb4f8297de0eec8a541833110333a1f317a33cd72f1382fd675967eae
SHA512

adcde59bc9cbb7d18df56e99b27e23fc1a4e0232693b05f5fbbc51734e1e9401be29369c9f0ab0c4f7278dcff51019e99e676fb420f0c6a42e0f835c24c3ebb3
SSDEEP

24576:kgqZ9eTiV7Ul/Y2otVsvWJzfGa7Jgo7811D07oO+l7Qnn:krZ9eGml/YVtV8WJzeaWoE1DQml7o

Score

10^/10

qakbot tchk06 1702463600 banker stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

93a98b919aec23411ae62dba8d0d22f939da45dec19db2b4e7293124d8f1507f.msi

Resource

win7-20240221-en

qakbot tchk06 1702463600 banker stealer trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

93a98b919aec23411ae62dba8d0d22f939da45dec19db2b4e7293124d8f1507f.msi

Resource

win10v2004-20240226-en

qakbot tchk06 1702463600 banker stealer trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

qakbot

Botnet

tchk06

Campaign

1702463600

C2

45.138.74.191:443

65.108.218.24:443

Attributes

camp_date
2023-12-13 10:33:20 +0000 UTC

Targets

- Target
  
  93a98b919aec23411ae62dba8d0d22f939da45dec19db2b4e7293124d8f1507f.msi
- Size
  
  1.9MB
- MD5
  
  82b8bd90e500fb0bf878d6f430c5abec
- SHA1
  
  f004c09428f2f18a145212a9e55eef3615858f9c
- SHA256
  
  93a98b919aec23411ae62dba8d0d22f939da45dec19db2b4e7293124d8f1507f
- SHA512
  
  82b2e997bf5bc0d08ab8dd921aef3e8d620a61c26f86b6f481845ad694d7b97f65dfa42e1c18b83f0f827cad9df69a409b75d96793e5bd7124c26bc7cb07f881
- SSDEEP
  
  49152:Ksjitd+vszAlozTy4g5r8+5eNBABxGNvXreD68f:rihTyfcXreO8f
Score

10^/10

qakbot tchk06 1702463600 banker stealer trojan
- Detect Qakbot Payload
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

qakbottchk061702463600bankerstealertrojan

behavioral2

qakbottchk061702463600bankerstealertrojan

© 2018-2024

Terms | Privacy