qakbot | e7d7fc4f9f320ae74f296278beadf5a335ec7f4c71bc2f3fdac2ba0069376a0c | Triage

Sharing

General

Target

ca5c21f1f6ec2720f105d5b6e4903200N.exe
Size

5.9MB
Sample

240903-ydkr7avepl
MD5

ca5c21f1f6ec2720f105d5b6e4903200
SHA1

19e824ce163e10c4fe36384a51a68fb8524a7418
SHA256

e7d7fc4f9f320ae74f296278beadf5a335ec7f4c71bc2f3fdac2ba0069376a0c
SHA512

6360cc9876fcb8434ad7271925a918bac6a9ff0d6087ac9653642311dffe70d604218b2ec37200a8101f4860f11b5753ce1b337a106ab63bdaca9681f4f9561c
SSDEEP

6144:HX4thSUHz9HRg1c96R7b3/dyTl8W2p7/j1qBl9scLGUNhN:Hqh3Hz9HeTZzdwl8W2ZR6aU3N

Score

10^/10

qakbot abc002 1599751744 banker discovery stealer trojan

Malware Config

Extracted

Family

qakbot

Version

325.43

Botnet

abc002

Campaign

1599751744

C2

73.216.60.90:2222

71.74.12.34:443

184.98.103.204:995

71.84.5.114:995

108.190.151.108:2222

76.170.77.99:995

95.77.223.148:443

85.121.42.12:995

72.209.191.27:443

166.62.180.194:2078

189.157.207.155:995

108.185.113.12:443

72.204.242.138:32102

216.163.4.136:443

95.76.109.181:443

108.31.15.10:995

188.25.162.27:443

76.111.128.194:443

209.182.122.217:443

66.215.32.224:443

Targets

- Target
  
  ca5c21f1f6ec2720f105d5b6e4903200N.exe
- Size
  
  5.9MB
- MD5
  
  ca5c21f1f6ec2720f105d5b6e4903200
- SHA1
  
  19e824ce163e10c4fe36384a51a68fb8524a7418
- SHA256
  
  e7d7fc4f9f320ae74f296278beadf5a335ec7f4c71bc2f3fdac2ba0069376a0c
- SHA512
  
  6360cc9876fcb8434ad7271925a918bac6a9ff0d6087ac9653642311dffe70d604218b2ec37200a8101f4860f11b5753ce1b337a106ab63bdaca9681f4f9561c
- SSDEEP
  
  6144:HX4thSUHz9HRg1c96R7b3/dyTl8W2p7/j1qBl9scLGUNhN:Hqh3Hz9HeTZzdwl8W2ZR6aU3N
Score

10^/10

qakbot abc002 1599751744 banker discovery stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

qakbotabc0021599751744bankerdiscoverystealertrojan

behavioral2

qakbotabc0021599751744bankerdiscoverystealertrojan