qakbot | 289e13556ae6e08276cd2bcff306a0bdb32d46f4d3932bd0d60545d2647bef5c | Triage

Sharing

General

Target

ea190c3dc8ebf2f4f434e5f61f0ff360N.exe
Size

5.7MB
Sample

240904-2bslssxeql
MD5

ea190c3dc8ebf2f4f434e5f61f0ff360
SHA1

4457dc0924ca3a18bc6745b9c88ecb63099b1675
SHA256

289e13556ae6e08276cd2bcff306a0bdb32d46f4d3932bd0d60545d2647bef5c
SHA512

4f70d7f23c30ead8dc30cdacf0d80a7837c91f9510f857cd328c3b08582842e3bbc78d2ee2308140398f6ba70dad809750c57eeba41134191f5135fcc2bbdce3
SSDEEP

6144:j4thSUHz9HRg1c5Fm0Dq7VTu0Cdvm2MU3Iv7HCuqBl9scWBJy:eh3Hz9HeWFJDmV61AXuu6D

Score

10^/10

qakbot abc001 1599561498 banker cryptone discovery packer stealer trojan

Malware Config

Extracted

Family

qakbot

Version

325.43

Botnet

abc001

Campaign

1599561498

C2

166.62.180.194:2078

99.240.226.2:443

95.77.144.238:443

85.122.141.42:995

31.53.49.169:2222

201.216.216.245:443

209.59.87.147:443

85.186.122.190:443

45.32.155.12:443

178.193.38.188:2222

89.137.211.72:443

66.215.32.224:443

199.247.22.145:443

71.84.5.114:995

216.201.162.158:443

47.146.32.175:443

75.81.25.223:443

178.222.21.87:995

24.234.86.201:995

68.33.206.204:443

Targets

- Target
  
  ea190c3dc8ebf2f4f434e5f61f0ff360N.exe
- Size
  
  5.7MB
- MD5
  
  ea190c3dc8ebf2f4f434e5f61f0ff360
- SHA1
  
  4457dc0924ca3a18bc6745b9c88ecb63099b1675
- SHA256
  
  289e13556ae6e08276cd2bcff306a0bdb32d46f4d3932bd0d60545d2647bef5c
- SHA512
  
  4f70d7f23c30ead8dc30cdacf0d80a7837c91f9510f857cd328c3b08582842e3bbc78d2ee2308140398f6ba70dad809750c57eeba41134191f5135fcc2bbdce3
- SSDEEP
  
  6144:j4thSUHz9HRg1c5Fm0Dq7VTu0Cdvm2MU3Iv7HCuqBl9scWBJy:eh3Hz9HeWFJDmV61AXuu6D
Score

10^/10

qakbot abc001 1599561498 banker discovery stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

qakbotabc0011599561498bankerdiscoverystealertrojan

behavioral2

qakbotabc0011599561498bankerdiscoverystealertrojan