Overview

overview

10

Static

static

3

3be9050665...9e.exe

windows7-x64

10

3be9050665...9e.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3be905066595dc785c9b6b98bfb2d9e0478f32df31337a8aeec96d7ccd52769e

  • Size

    828KB

  • Sample

    240624-k4cydaxgrr

  • MD5

    c04e8b163d3b377221a71a04a16bf84c

  • SHA1

    99ceee7a93ea9b097301b947bb3afc6c45be39dc

  • SHA256

    3be905066595dc785c9b6b98bfb2d9e0478f32df31337a8aeec96d7ccd52769e

  • SHA512

    280ec29e5c849380bb586de2a58e019121a8c8b121a519ff4328b77e91c06aecddd8e22cb54116ab67494c79262b930811995076e7e5b3ae0559eaf20b6ea81f

  • SSDEEP

    6144:pytjBYoNndfTZ9WA0rTeI4DX+KLJaP8nDEnZjzWGhLX4T2n9HPm+eE8d7+xYM0my:wtzZeXixgP8DmHWEX4T2ZIdKmLjACr

Score
10/10
qakbotspx1561597661994bankerstealertrojan

Malware Config

Extracted

Family

qakbot

Version

325.43

Botnet

spx156

Campaign

1597661994

C2

98.26.50.62:995

46.53.40.244:443

86.98.89.40:2222

108.30.125.94:443

189.130.26.216:443

96.37.113.36:993

216.201.162.158:443

24.37.178.158:443

73.228.1.246:443

175.111.128.234:443

95.77.144.238:443

41.36.58.89:995

84.247.55.190:443

66.215.32.224:443

67.6.3.51:443

197.37.219.90:993

144.202.48.107:443

49.191.130.48:443

73.214.248.17:995

24.44.142.213:2222

Targets

    • Target

      3be905066595dc785c9b6b98bfb2d9e0478f32df31337a8aeec96d7ccd52769e

    • Size

      828KB

    • MD5

      c04e8b163d3b377221a71a04a16bf84c

    • SHA1

      99ceee7a93ea9b097301b947bb3afc6c45be39dc

    • SHA256

      3be905066595dc785c9b6b98bfb2d9e0478f32df31337a8aeec96d7ccd52769e

    • SHA512

      280ec29e5c849380bb586de2a58e019121a8c8b121a519ff4328b77e91c06aecddd8e22cb54116ab67494c79262b930811995076e7e5b3ae0559eaf20b6ea81f

    • SSDEEP

      6144:pytjBYoNndfTZ9WA0rTeI4DX+KLJaP8nDEnZjzWGhLX4T2n9HPm+eE8d7+xYM0my:wtzZeXixgP8DmHWEX4T2ZIdKmLjACr

    Score
    10/10
    qakbotspx1561597661994bankerstealertrojan

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

      trojanbankerstealerqakbot

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

3
T1082

Peripheral Device Discovery

1
T1120

Remote System Discovery

1
T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks