qakbot | b7ed90eb0542f19931b97cb54b86a9e7a5008360ed12efe7e4fce5e7c956a005 | Triage

Sharing

General

Target

184f7bfc7550659ecf72301dbef01d60N
Size

1.0MB
Sample

240826-1ydwgsxfqc
MD5

184f7bfc7550659ecf72301dbef01d60
SHA1

0fff9e1df6189e5fa77c40639d0a7f1cc14ee33b
SHA256

b7ed90eb0542f19931b97cb54b86a9e7a5008360ed12efe7e4fce5e7c956a005
SHA512

ae0e08c22aa8b6c327f19241921f08432cd6a25eec1a3791c9986a9400032dc3d7b8ad790f77ee2bdcc09a58f29d7db629420857f23f03e247764df45c5f40f3
SSDEEP

12288:VqflDDoYeF20NNHCA53Nj5rfmJUpDi3Ix1m9EX6EQ2Xbhv+q:V00E0NNHCAZNj5reJUp7hNbR+q

Score

10^/10

qakbot tr01 1604997522 banker discovery stealer trojan

Malware Config

Extracted

Family

qakbot

Version

325.59

Botnet

tr01

Campaign

1604997522

C2

122.61.213.85:443

2.50.89.119:995

189.183.201.0:443

86.98.145.152:2222

96.241.66.126:443

90.101.117.122:2222

94.69.112.148:2222

81.150.181.168:2222

82.127.125.209:2222

81.214.126.173:2222

86.140.82.116:20

172.87.157.235:443

176.181.247.197:443

78.97.110.47:443

5.15.90.117:2222

41.206.131.156:443

151.73.112.67:443

82.127.125.209:990

197.45.110.165:995

81.133.234.36:2222

Targets

- Target
  
  184f7bfc7550659ecf72301dbef01d60N
- Size
  
  1.0MB
- MD5
  
  184f7bfc7550659ecf72301dbef01d60
- SHA1
  
  0fff9e1df6189e5fa77c40639d0a7f1cc14ee33b
- SHA256
  
  b7ed90eb0542f19931b97cb54b86a9e7a5008360ed12efe7e4fce5e7c956a005
- SHA512
  
  ae0e08c22aa8b6c327f19241921f08432cd6a25eec1a3791c9986a9400032dc3d7b8ad790f77ee2bdcc09a58f29d7db629420857f23f03e247764df45c5f40f3
- SSDEEP
  
  12288:VqflDDoYeF20NNHCA53Nj5rfmJUpDi3Ix1m9EX6EQ2Xbhv+q:V00E0NNHCAZNj5reJUp7hNbR+q
Score

10^/10

qakbot tr01 1604997522 banker discovery stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

qakbottr011604997522bankerdiscoverystealertrojan

behavioral2

qakbottr011604997522bankerdiscoverystealertrojan