qakbot | b894ddfc70491c1327475f778fe706f0d23d32996dcba81617ba83e1f728f119 | Triage

Sharing

General

Target

b894ddfc70491c1327475f778fe706f0d23d32996dcba81617ba83e1f728f119
Size

5.9MB
Sample

240902-djgmhazdqk
MD5

518352ac52762c6744df5926a751a402
SHA1

3d7b20114a1b87a20aab36431fb856b4e2691e61
SHA256

b894ddfc70491c1327475f778fe706f0d23d32996dcba81617ba83e1f728f119
SHA512

c258ffb802253c22e00b7d4184e12adafceb847f6ebcde5a6d92fc969061d251aa34c35d18a26f2f236fbd653e0cf613a6c2f510c191e73f51fd4fab39e9208d
SSDEEP

6144:HO4thSUHz9HRg1c96R7b3/dyTl8W2p7/j1qBl9scLGUNhN:Hth3Hz9HeTZzdwl8W2ZR6aU3N

Score

10^/10

qakbot abc002 1599751744 banker discovery stealer trojan

Malware Config

Extracted

Family

qakbot

Version

325.43

Botnet

abc002

Campaign

1599751744

C2

73.216.60.90:2222

71.74.12.34:443

184.98.103.204:995

71.84.5.114:995

108.190.151.108:2222

76.170.77.99:995

95.77.223.148:443

85.121.42.12:995

72.209.191.27:443

166.62.180.194:2078

189.157.207.155:995

108.185.113.12:443

72.204.242.138:32102

216.163.4.136:443

95.76.109.181:443

108.31.15.10:995

188.25.162.27:443

76.111.128.194:443

209.182.122.217:443

66.215.32.224:443

Targets

- Target
  
  b894ddfc70491c1327475f778fe706f0d23d32996dcba81617ba83e1f728f119
- Size
  
  5.9MB
- MD5
  
  518352ac52762c6744df5926a751a402
- SHA1
  
  3d7b20114a1b87a20aab36431fb856b4e2691e61
- SHA256
  
  b894ddfc70491c1327475f778fe706f0d23d32996dcba81617ba83e1f728f119
- SHA512
  
  c258ffb802253c22e00b7d4184e12adafceb847f6ebcde5a6d92fc969061d251aa34c35d18a26f2f236fbd653e0cf613a6c2f510c191e73f51fd4fab39e9208d
- SSDEEP
  
  6144:HO4thSUHz9HRg1c96R7b3/dyTl8W2p7/j1qBl9scLGUNhN:Hth3Hz9HeTZzdwl8W2ZR6aU3N
Score

10^/10

qakbot abc002 1599751744 banker discovery stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

qakbotabc0021599751744bankerdiscoverystealertrojan

behavioral2

qakbotabc0021599751744bankerdiscoverystealertrojan