Overview

overview

10

Static

static

3

qakbot.exe

windows7-x64

10

qakbot.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    qakbot.exe

  • Size

    2.7MB

  • Sample

    240626-t4wj6awaqm

  • MD5

    6f9e304b289770a66e089ae2be83952c

  • SHA1

    629c55b8e3e4fd9a6c0a4463ef5d30ceda133eb8

  • SHA256

    b92c0aafb4e9b0fc2b023dbb14d7e848249f29e02b0e4cd8624ce27e55c9ac4c

  • SHA512

    c621eb4c8f51bae2e75cbffd53db8173d91340e2987cccd15453a2a2c048d9820b26b64e0d51fbfb441e5dbf4f9108cfbe46bda872f2980491028d93fcb33f94

  • SSDEEP

    12288:hmJnJHUrcxNxDxfxNxnxNxIWxNxsyRxNxRxNx0xNxrjG8zme:w5cir

Score
10/10
qakbotspx1561597661994bankerstealertrojan

Malware Config

Extracted

Family

qakbot

Version

325.43

Botnet

spx156

Campaign

1597661994

C2

98.26.50.62:995

46.53.40.244:443

86.98.89.40:2222

108.30.125.94:443

189.130.26.216:443

96.37.113.36:993

216.201.162.158:443

24.37.178.158:443

73.228.1.246:443

175.111.128.234:443

95.77.144.238:443

41.36.58.89:995

84.247.55.190:443

66.215.32.224:443

67.6.3.51:443

197.37.219.90:993

144.202.48.107:443

49.191.130.48:443

73.214.248.17:995

24.44.142.213:2222

Targets

    • Target

      qakbot.exe

    • Size

      2.7MB

    • MD5

      6f9e304b289770a66e089ae2be83952c

    • SHA1

      629c55b8e3e4fd9a6c0a4463ef5d30ceda133eb8

    • SHA256

      b92c0aafb4e9b0fc2b023dbb14d7e848249f29e02b0e4cd8624ce27e55c9ac4c

    • SHA512

      c621eb4c8f51bae2e75cbffd53db8173d91340e2987cccd15453a2a2c048d9820b26b64e0d51fbfb441e5dbf4f9108cfbe46bda872f2980491028d93fcb33f94

    • SSDEEP

      12288:hmJnJHUrcxNxDxfxNxnxNxIWxNxsyRxNxRxNx0xNxrjG8zme:w5cir

    Score
    10/10
    qakbotspx1561597661994bankerstealertrojan

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

      trojanbankerstealerqakbot

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks