qakbot | 0a64c3b18f10fa85be3a7e18029d30af1f3cecacc7d20976b1701527e315bcc1 | Triage

Sharing

General

Target

7494dfce601f88205487e074f43c93a5bd8344be421a35d7f9c510e5fb08778b_0a64c3b18f10fa85be3a7e18029d30af1f3cecacc7d20976b1701527e315bcc1.exe
Size

521KB
Sample

240822-gexdyavbml
MD5

4f8f818e636f157d640c8e003630d311
SHA1

2834f4726770237327355e6427fbde23eb4465e1
SHA256

0a64c3b18f10fa85be3a7e18029d30af1f3cecacc7d20976b1701527e315bcc1
SHA512

60c590a35e43453f4d5d062ea14c736f2fbf380cc343411566131441f0b45530fa71d6456007f870a479a60d941a9b56eac48737817d91dd905a2e6a17a49546
SSDEEP

6144:53iGEtpvg9pe3oUADfamC9EGqswger75gYK9KRCv/qn8TW:53mgLbtvswgK75b0o6Snj

Score

10^/10

qakbot spx131 1591077865 banker cryptone discovery packer stealer trojan

Malware Config

Extracted

Family

qakbot

Version

324.142

Botnet

spx131

Campaign

1591077865

C2

73.226.220.56:443

98.148.177.77:443

207.255.161.8:443

72.190.101.70:443

100.38.123.22:443

50.104.186.71:443

67.249.222.14:443

104.235.61.64:443

207.255.161.8:2222

71.197.180.27:443

72.209.191.27:443

64.19.74.29:995

71.209.67.223:2222

98.115.138.61:443

75.87.161.32:995

58.233.220.182:443

68.174.15.223:443

50.244.112.10:443

76.187.8.160:443

173.22.120.11:2222

Targets

- Target
  
  7494dfce601f88205487e074f43c93a5bd8344be421a35d7f9c510e5fb08778b_0a64c3b18f10fa85be3a7e18029d30af1f3cecacc7d20976b1701527e315bcc1.exe
- Size
  
  521KB
- MD5
  
  4f8f818e636f157d640c8e003630d311
- SHA1
  
  2834f4726770237327355e6427fbde23eb4465e1
- SHA256
  
  0a64c3b18f10fa85be3a7e18029d30af1f3cecacc7d20976b1701527e315bcc1
- SHA512
  
  60c590a35e43453f4d5d062ea14c736f2fbf380cc343411566131441f0b45530fa71d6456007f870a479a60d941a9b56eac48737817d91dd905a2e6a17a49546
- SSDEEP
  
  6144:53iGEtpvg9pe3oUADfamC9EGqswger75gYK9KRCv/qn8TW:53mgLbtvswgK75b0o6Snj
Score

10^/10

qakbot spx131 1591077865 banker discovery stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

qakbotspx1311591077865bankerdiscoverystealertrojan

behavioral2

qakbotspx1311591077865bankerdiscoverystealertrojan