qakbot | aea9938957ddd82fc07e5b9db96446b76ed7e89f0be75c9f3bc328731bc21e74 | Triage

Sharing

General

Target

877276b8876f2386a46dcd6d09c10ab0N.exe
Size

521KB
Sample

240824-1ej86asfml
MD5

877276b8876f2386a46dcd6d09c10ab0
SHA1

c40cc713a7445351e820d7f6664b402739e61abe
SHA256

aea9938957ddd82fc07e5b9db96446b76ed7e89f0be75c9f3bc328731bc21e74
SHA512

df00c0ec4da21bf31edc6b0a94659cddc39eaa503b822eb38d05fb7abff6c717e0592524b5397847ab305479058aaccff6b2559fe15eb573f81b57a26e8ecec3
SSDEEP

6144:53iGEtpvg9pe3oUADfamC9EGqswger75gYK9KRCv/qn8Th:53mgLbtvswgK75b0o6Snc

Score

10^/10

qakbot spx131 1591077865 banker cryptone discovery packer stealer trojan

Malware Config

Extracted

Family

qakbot

Version

324.142

Botnet

spx131

Campaign

1591077865

C2

73.226.220.56:443

98.148.177.77:443

207.255.161.8:443

72.190.101.70:443

100.38.123.22:443

50.104.186.71:443

67.249.222.14:443

104.235.61.64:443

207.255.161.8:2222

71.197.180.27:443

72.209.191.27:443

64.19.74.29:995

71.209.67.223:2222

98.115.138.61:443

75.87.161.32:995

58.233.220.182:443

68.174.15.223:443

50.244.112.10:443

76.187.8.160:443

173.22.120.11:2222

Targets

- Target
  
  877276b8876f2386a46dcd6d09c10ab0N.exe
- Size
  
  521KB
- MD5
  
  877276b8876f2386a46dcd6d09c10ab0
- SHA1
  
  c40cc713a7445351e820d7f6664b402739e61abe
- SHA256
  
  aea9938957ddd82fc07e5b9db96446b76ed7e89f0be75c9f3bc328731bc21e74
- SHA512
  
  df00c0ec4da21bf31edc6b0a94659cddc39eaa503b822eb38d05fb7abff6c717e0592524b5397847ab305479058aaccff6b2559fe15eb573f81b57a26e8ecec3
- SSDEEP
  
  6144:53iGEtpvg9pe3oUADfamC9EGqswger75gYK9KRCv/qn8Th:53mgLbtvswgK75b0o6Snc
Score

10^/10

qakbot spx131 1591077865 banker discovery stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

qakbotspx1311591077865bankerdiscoverystealertrojan

behavioral2

qakbotspx1311591077865bankerdiscoverystealertrojan