qakbot | 76be0118a6d679d5bf54c54be2149aad1abbcc540bb712593f289daf11f62507 | Triage

Sharing

General

Target

d46c22ad7a5918d888a47c67211ad460N.exe
Size

1.0MB
Sample

240827-jm7wra1hpm
MD5

d46c22ad7a5918d888a47c67211ad460
SHA1

eed7651bc49b5d96857b1a09d5146e051fa8b18d
SHA256

76be0118a6d679d5bf54c54be2149aad1abbcc540bb712593f289daf11f62507
SHA512

0c9702d3d9b2ebb3bbe46d1655791f7d0b9c46e275e7695320edb37975a50265f35a72f4b44abecc9224b10438843d7aeb9cd62f6f02372dbad54ec756fec2de
SSDEEP

12288:qqflDDoYeF20NNHCW8k45hox9l7pUHFX6EQ2XbhV:q00E0NNHCWZmO7aHBNbX

Score

10^/10

qakbot abc029 1605085287 banker discovery stealer trojan

Malware Config

Extracted

Family

qakbot

Version

325.59

Botnet

abc029

Campaign

1605085287

C2

24.27.82.216:2222

86.122.246.127:2222

151.73.126.156:443

176.181.247.197:443

85.186.115.172:995

94.49.131.37:443

41.205.16.176:443

86.121.137.204:2222

217.162.149.212:443

63.155.67.114:995

212.70.107.59:995

2.50.143.154:2222

73.166.10.38:443

84.232.252.202:2222

50.82.55.69:443

47.146.39.147:443

69.40.22.180:443

73.239.229.107:995

71.187.177.20:443

86.97.191.98:2222

Targets

- Target
  
  d46c22ad7a5918d888a47c67211ad460N.exe
- Size
  
  1.0MB
- MD5
  
  d46c22ad7a5918d888a47c67211ad460
- SHA1
  
  eed7651bc49b5d96857b1a09d5146e051fa8b18d
- SHA256
  
  76be0118a6d679d5bf54c54be2149aad1abbcc540bb712593f289daf11f62507
- SHA512
  
  0c9702d3d9b2ebb3bbe46d1655791f7d0b9c46e275e7695320edb37975a50265f35a72f4b44abecc9224b10438843d7aeb9cd62f6f02372dbad54ec756fec2de
- SSDEEP
  
  12288:qqflDDoYeF20NNHCW8k45hox9l7pUHFX6EQ2XbhV:q00E0NNHCWZmO7aHBNbX
Score

10^/10

qakbot abc029 1605085287 banker discovery stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

qakbotabc0291605085287bankerdiscoverystealertrojan

behavioral2

qakbotabc0291605085287bankerdiscoverystealertrojan