Overview

overview

10

Static

static

9

c23c9580f0...in.exe

windows7-x64

10

c23c9580f0...in.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c23c9580f06fdc862df3d80fb8dc398b666e01a523f06ffa8935a95dce4ff8f4.bin.exe

  • Size

    1.8MB

  • Sample

    240725-g2lkyswdlg

  • MD5

    c9ca67936e230c7dc2f41f19c7febb6d

  • SHA1

    17bbb5024f39d2409fc908481ace2d2ece9670f9

  • SHA256

    c23c9580f06fdc862df3d80fb8dc398b666e01a523f06ffa8935a95dce4ff8f4

  • SHA512

    6445443fd4836dd3006434fdc2c170b6e5527eb1195475c7c3306f6ac8e46206e485153cb2bbf616ab30d3f40da74ec7759e9acd59cf3dbf0ea3318171a6a810

  • SSDEEP

    6144:v/JeE4PgrYCm0jkiZ/fYeWLHwIdHUUhYEbU:v/QYrYCnkY/AxwC/Yf

Score
10/10
qakbotspx841585210684bankercryptonediscoverypackerstealertrojan

Malware Config

Extracted

Family

qakbot

Version

324.70

Botnet

spx84

Campaign

1585210684

C2

47.40.244.237:443

71.213.61.215:995

216.201.162.158:443

72.38.44.119:995

47.41.3.57:443

67.250.184.157:443

47.153.115.154:443

173.79.220.156:443

108.27.217.44:443

75.81.25.223:995

67.209.195.198:3389

65.30.12.240:443

66.222.88.126:995

184.191.62.24:995

79.113.157.79:443

80.14.209.42:2222

73.163.242.114:443

108.185.113.12:443

24.99.180.247:443

75.105.224.113:993

Targets

    • Target

      c23c9580f06fdc862df3d80fb8dc398b666e01a523f06ffa8935a95dce4ff8f4.bin.exe

    • Size

      1.8MB

    • MD5

      c9ca67936e230c7dc2f41f19c7febb6d

    • SHA1

      17bbb5024f39d2409fc908481ace2d2ece9670f9

    • SHA256

      c23c9580f06fdc862df3d80fb8dc398b666e01a523f06ffa8935a95dce4ff8f4

    • SHA512

      6445443fd4836dd3006434fdc2c170b6e5527eb1195475c7c3306f6ac8e46206e485153cb2bbf616ab30d3f40da74ec7759e9acd59cf3dbf0ea3318171a6a810

    • SSDEEP

      6144:v/JeE4PgrYCm0jkiZ/fYeWLHwIdHUUhYEbU:v/QYrYCnkY/AxwC/Yf

    Score
    10/10
    qakbotspx841585210684bankerdiscoverystealertrojan

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

      trojanbankerstealerqakbot

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

3
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

System Network Configuration Discovery

1
T1016

Internet Connection Discovery

1
T1016.001

Peripheral Device Discovery

1
T1120

Remote System Discovery

1
T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks