qakbot | eafc9e33954f03a1205c4477a5065384c4fa1adaff1dffa7c830445611127825 | Triage

Sharing

General

Target

eafc9e33954f03a1205c4477a5065384c4fa1adaff1dffa7c830445611127825
Size

4.3MB
Sample

240902-f3y21atfmc
MD5

0813ebedbcd007187439e688a583859b
SHA1

375b2726f06498b04cf872d2e763e0857bc127ce
SHA256

eafc9e33954f03a1205c4477a5065384c4fa1adaff1dffa7c830445611127825
SHA512

b5779493b6d52fe2475209429d0e6e70283ffdc389c507210a761b39313cabe2d76e211253a4d51b9188c907355657245da35a2d0c572ffc5183ba297d6175d4
SSDEEP

24576:AIydQMFmTIaG+hzgK/sdZvaKBaJh+TxyQL:wdnj5IzgK/sdZvaKBaJhgj

Score

10^/10

qakbot abc006 1600687594 banker discovery stealer trojan

Malware Config

Extracted

Family

qakbot

Version

325.43

Botnet

abc006

Campaign

1600687594

C2

72.204.242.138:20

75.136.40.155:443

207.255.161.8:443

80.240.26.178:443

86.122.241.39:2222

103.238.231.40:443

47.146.32.175:443

202.141.244.118:995

185.19.190.81:443

24.201.79.208:2078

178.87.21.21:443

66.222.88.126:995

185.246.9.69:995

172.78.30.215:443

83.110.6.64:2222

41.233.39.224:995

77.159.149.74:443

66.76.105.197:443

134.0.196.46:995

75.87.161.32:995

Targets

- Target
  
  eafc9e33954f03a1205c4477a5065384c4fa1adaff1dffa7c830445611127825
- Size
  
  4.3MB
- MD5
  
  0813ebedbcd007187439e688a583859b
- SHA1
  
  375b2726f06498b04cf872d2e763e0857bc127ce
- SHA256
  
  eafc9e33954f03a1205c4477a5065384c4fa1adaff1dffa7c830445611127825
- SHA512
  
  b5779493b6d52fe2475209429d0e6e70283ffdc389c507210a761b39313cabe2d76e211253a4d51b9188c907355657245da35a2d0c572ffc5183ba297d6175d4
- SSDEEP
  
  24576:AIydQMFmTIaG+hzgK/sdZvaKBaJh+TxyQL:wdnj5IzgK/sdZvaKBaJhgj
Score

10^/10

qakbot abc006 1600687594 banker discovery stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

qakbotabc0061600687594bankerdiscoverystealertrojan

behavioral2

qakbotabc0061600687594bankerdiscoverystealertrojan