qakbot | c3a8ed0e971bbb1343a29ec788de75657f5f5111ab344b0374289f6c4a3ea2ab | Triage

Submit
Reports

Overview

overview

Static

static

1

93a98b919a...7f.msi

windows7-x64

93a98b919a...7f.msi

windows10-2004-x64

Sharing

General

Target

93a98b919aec23411ae62dba8d0d22f939da45dec19db2b4e7293124d8f1507f.zip
Size

1010KB
Sample

240402-mnnfaafc3s
MD5

cee428f37b99396de09b5d0dcebfead6
SHA1

e8689f2f1824ec82748461b7df6ede6486d9d55a
SHA256

c3a8ed0e971bbb1343a29ec788de75657f5f5111ab344b0374289f6c4a3ea2ab
SHA512

c9e15537958f68847598190dcd0e169bb7f9e7388aef093bc55d71984004ec58e7bbca45945935ceba1d3fc2f430b3e9d6b721393938201269eaa0a4c368bc4a
SSDEEP

24576:CKUgKfHWorb6oSsz+ZeAqKmzpHNrIB54sqU2Abj9lbcmzNWG:qhlrb6Az+xqxH9Nsv3bj9lgmzNl

Score

10^/10

qakbot tchk06 1702463600 banker stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

93a98b919aec23411ae62dba8d0d22f939da45dec19db2b4e7293124d8f1507f.msi

Resource

win7-20240221-en

qakbot tchk06 1702463600 banker stealer trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

93a98b919aec23411ae62dba8d0d22f939da45dec19db2b4e7293124d8f1507f.msi

Resource

win10v2004-20231215-en

qakbot tchk06 1702463600 banker stealer trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

qakbot

Botnet

tchk06

Campaign

1702463600

C2

45.138.74.191:443

65.108.218.24:443

Attributes

camp_date
2023-12-13 10:33:20 +0000 UTC

Targets

- Target
  
  93a98b919aec23411ae62dba8d0d22f939da45dec19db2b4e7293124d8f1507f.msi
- Size
  
  1.9MB
- MD5
  
  82b8bd90e500fb0bf878d6f430c5abec
- SHA1
  
  f004c09428f2f18a145212a9e55eef3615858f9c
- SHA256
  
  93a98b919aec23411ae62dba8d0d22f939da45dec19db2b4e7293124d8f1507f
- SHA512
  
  82b2e997bf5bc0d08ab8dd921aef3e8d620a61c26f86b6f481845ad694d7b97f65dfa42e1c18b83f0f827cad9df69a409b75d96793e5bd7124c26bc7cb07f881
- SSDEEP
  
  49152:Ksjitd+vszAlozTy4g5r8+5eNBABxGNvXreD68f:rihTyfcXreO8f
Score

10^/10

qakbot tchk06 1702463600 banker stealer trojan
- Detect Qakbot Payload
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

qakbottchk061702463600bankerstealertrojan

behavioral2

qakbottchk061702463600bankerstealertrojan

© 2018-2024

Terms | Privacy