qakbot | c23c9580f06fdc862df3d80fb8dc398b666e01a523f06ffa8935a95dce4ff8f4 | Triage

Sharing

General

Target

c23c9580f06fdc862df3d80fb8dc398b666e01a523f06ffa8935a95dce4ff8f4.bin.exe
Size

1.8MB
Sample

240725-g2lkyswdlg
MD5

c9ca67936e230c7dc2f41f19c7febb6d
SHA1

17bbb5024f39d2409fc908481ace2d2ece9670f9
SHA256

c23c9580f06fdc862df3d80fb8dc398b666e01a523f06ffa8935a95dce4ff8f4
SHA512

6445443fd4836dd3006434fdc2c170b6e5527eb1195475c7c3306f6ac8e46206e485153cb2bbf616ab30d3f40da74ec7759e9acd59cf3dbf0ea3318171a6a810
SSDEEP

6144:v/JeE4PgrYCm0jkiZ/fYeWLHwIdHUUhYEbU:v/QYrYCnkY/AxwC/Yf

Score

10^/10

qakbot spx84 1585210684 banker cryptone discovery packer stealer trojan

Malware Config

Extracted

Family

qakbot

Version

324.70

Botnet

spx84

Campaign

1585210684

C2

47.40.244.237:443

71.213.61.215:995

216.201.162.158:443

72.38.44.119:995

47.41.3.57:443

67.250.184.157:443

47.153.115.154:443

173.79.220.156:443

108.27.217.44:443

75.81.25.223:995

67.209.195.198:3389

65.30.12.240:443

66.222.88.126:995

184.191.62.24:995

79.113.157.79:443

80.14.209.42:2222

73.163.242.114:443

108.185.113.12:443

24.99.180.247:443

75.105.224.113:993

Targets

- Target
  
  c23c9580f06fdc862df3d80fb8dc398b666e01a523f06ffa8935a95dce4ff8f4.bin.exe
- Size
  
  1.8MB
- MD5
  
  c9ca67936e230c7dc2f41f19c7febb6d
- SHA1
  
  17bbb5024f39d2409fc908481ace2d2ece9670f9
- SHA256
  
  c23c9580f06fdc862df3d80fb8dc398b666e01a523f06ffa8935a95dce4ff8f4
- SHA512
  
  6445443fd4836dd3006434fdc2c170b6e5527eb1195475c7c3306f6ac8e46206e485153cb2bbf616ab30d3f40da74ec7759e9acd59cf3dbf0ea3318171a6a810
- SSDEEP
  
  6144:v/JeE4PgrYCm0jkiZ/fYeWLHwIdHUUhYEbU:v/QYrYCnkY/AxwC/Yf
Score

10^/10

qakbot spx84 1585210684 banker discovery stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

qakbotspx841585210684bankerdiscoverystealertrojan

behavioral2

qakbotspx841585210684bankerdiscoverystealertrojan