qakbot | 2136f2026272ae4785d81fd2a525b9bdba67ae8d799ac08491659876f4cfe696 | Triage

Sharing

General

Target

2136f2026272ae4785d81fd2a525b9bdba67ae8d799ac08491659876f4cfe696
Size

4.0MB
Sample

240901-y1a69szgqk
MD5

9cb1c0dcbf95eda0b60c9fde55c4c02b
SHA1

a2aaadd74aeee30fb1edf9e72e7741668a7861e6
SHA256

2136f2026272ae4785d81fd2a525b9bdba67ae8d799ac08491659876f4cfe696
SHA512

7132c80fd37970de7eac44bef9611a4d7938e0325453a510c7a6cab4176c6c9371424d9e14a78d7c96c3a4b70dd8bdf65552113ad13c2e6c361e180ea6240a08
SSDEEP

6144:QSj19QP9G+wgVFGOBD+Tl/Qa8Vx+z0JxR7xMJz/qffNNuZxX5DR38x5+jT0w:QSj1KA+wg9BD+TVGczIhxMKq73PjT0w

Score

10^/10

qakbot abc015 1602068203 banker discovery stealer trojan

Malware Config

Extracted

Family

qakbot

Version

325.43

Botnet

abc015

Campaign

1602068203

C2

71.163.222.203:443

166.62.183.139:2078

65.131.32.110:995

117.215.192.15:443

77.31.120.194:995

173.245.152.231:443

181.91.252.68:443

2.51.221.138:995

86.126.108.242:2222

59.96.167.189:443

80.240.26.178:443

84.117.176.32:443

72.204.242.138:32102

197.133.16.204:443

71.221.92.98:443

191.84.8.255:443

98.16.204.189:995

72.186.1.237:443

2.50.159.48:2222

70.124.29.226:443

Targets

- Target
  
  2136f2026272ae4785d81fd2a525b9bdba67ae8d799ac08491659876f4cfe696
- Size
  
  4.0MB
- MD5
  
  9cb1c0dcbf95eda0b60c9fde55c4c02b
- SHA1
  
  a2aaadd74aeee30fb1edf9e72e7741668a7861e6
- SHA256
  
  2136f2026272ae4785d81fd2a525b9bdba67ae8d799ac08491659876f4cfe696
- SHA512
  
  7132c80fd37970de7eac44bef9611a4d7938e0325453a510c7a6cab4176c6c9371424d9e14a78d7c96c3a4b70dd8bdf65552113ad13c2e6c361e180ea6240a08
- SSDEEP
  
  6144:QSj19QP9G+wgVFGOBD+Tl/Qa8Vx+z0JxR7xMJz/qffNNuZxX5DR38x5+jT0w:QSj1KA+wg9BD+TVGczIhxMKq73PjT0w
Score

10^/10

qakbot abc015 1602068203 banker discovery stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

qakbotabc0151602068203bankerdiscoverystealertrojan

behavioral2

qakbotabc0151602068203bankerdiscoverystealertrojan