qakbot | 3be905066595dc785c9b6b98bfb2d9e0478f32df31337a8aeec96d7ccd52769e | Triage

Sharing

General

Target

3be905066595dc785c9b6b98bfb2d9e0478f32df31337a8aeec96d7ccd52769e
Size

828KB
Sample

240624-k4cydaxgrr
MD5

c04e8b163d3b377221a71a04a16bf84c
SHA1

99ceee7a93ea9b097301b947bb3afc6c45be39dc
SHA256

3be905066595dc785c9b6b98bfb2d9e0478f32df31337a8aeec96d7ccd52769e
SHA512

280ec29e5c849380bb586de2a58e019121a8c8b121a519ff4328b77e91c06aecddd8e22cb54116ab67494c79262b930811995076e7e5b3ae0559eaf20b6ea81f
SSDEEP

6144:pytjBYoNndfTZ9WA0rTeI4DX+KLJaP8nDEnZjzWGhLX4T2n9HPm+eE8d7+xYM0my:wtzZeXixgP8DmHWEX4T2ZIdKmLjACr

Score

10^/10

qakbot spx156 1597661994 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Version

325.43

Botnet

spx156

Campaign

1597661994

C2

98.26.50.62:995

46.53.40.244:443

86.98.89.40:2222

108.30.125.94:443

189.130.26.216:443

96.37.113.36:993

216.201.162.158:443

24.37.178.158:443

73.228.1.246:443

175.111.128.234:443

95.77.144.238:443

41.36.58.89:995

84.247.55.190:443

66.215.32.224:443

67.6.3.51:443

197.37.219.90:993

144.202.48.107:443

49.191.130.48:443

73.214.248.17:995

24.44.142.213:2222

Targets

- Target
  
  3be905066595dc785c9b6b98bfb2d9e0478f32df31337a8aeec96d7ccd52769e
- Size
  
  828KB
- MD5
  
  c04e8b163d3b377221a71a04a16bf84c
- SHA1
  
  99ceee7a93ea9b097301b947bb3afc6c45be39dc
- SHA256
  
  3be905066595dc785c9b6b98bfb2d9e0478f32df31337a8aeec96d7ccd52769e
- SHA512
  
  280ec29e5c849380bb586de2a58e019121a8c8b121a519ff4328b77e91c06aecddd8e22cb54116ab67494c79262b930811995076e7e5b3ae0559eaf20b6ea81f
- SSDEEP
  
  6144:pytjBYoNndfTZ9WA0rTeI4DX+KLJaP8nDEnZjzWGhLX4T2n9HPm+eE8d7+xYM0my:wtzZeXixgP8DmHWEX4T2ZIdKmLjACr
Score

10^/10

qakbot spx156 1597661994 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

qakbotspx1561597661994bankerstealertrojan

behavioral2

qakbotspx1561597661994bankerstealertrojan