qakbot | fe76123b984d98fbe36963eb9cb54901a78038db8d574b5e5b95fbb8bf3809c6 | Triage

Sharing

General

Target

fe76123b984d98fbe36963eb9cb54901a78038db8d574b5e5b95fbb8bf3809c6N.exe
Size

343KB
Sample

241216-l5flbswjcw
MD5

68edc294607e005b4c612aadfa7e0130
SHA1

2c010769008367d0d913216e3e812f673d7345a4
SHA256

fe76123b984d98fbe36963eb9cb54901a78038db8d574b5e5b95fbb8bf3809c6
SHA512

bdcbad993d04614ce72be362ae94f597a729974a35b25af3093e0d37c0450ed3a41c77bc2c474ab8ad702b004fee79ddecd82909692ecd250d4d53e48878ff9b
SSDEEP

6144:Ats86UY9Pnx5aQULfR4HipJGQs0ltFZEHOW9Pnz1UVQo7E/MWFeZi/m6h0:ACjL9PnaQUjKKFBlDZEHOGhwQo7E/mZ3

Score

10^/10

qakbot abc028 1605010939 banker discovery stealer trojan

Malware Config

Extracted

Family

qakbot

Version

325.59

Botnet

abc028

Campaign

1605010939

C2

86.98.145.152:2222

90.101.117.122:2222

94.69.112.148:2222

81.150.181.168:2222

82.127.125.209:2222

86.140.82.116:20

81.214.126.173:2222

172.87.157.235:443

176.181.247.197:443

41.206.131.156:443

82.127.125.209:990

81.133.234.36:2222

197.45.110.165:995

37.6.222.192:995

86.97.162.141:2222

37.116.152.122:2222

92.154.83.96:1194

101.189.22.159:2222

74.129.26.119:443

59.99.38.231:443

Targets

- Target
  
  fe76123b984d98fbe36963eb9cb54901a78038db8d574b5e5b95fbb8bf3809c6N.exe
- Size
  
  343KB
- MD5
  
  68edc294607e005b4c612aadfa7e0130
- SHA1
  
  2c010769008367d0d913216e3e812f673d7345a4
- SHA256
  
  fe76123b984d98fbe36963eb9cb54901a78038db8d574b5e5b95fbb8bf3809c6
- SHA512
  
  bdcbad993d04614ce72be362ae94f597a729974a35b25af3093e0d37c0450ed3a41c77bc2c474ab8ad702b004fee79ddecd82909692ecd250d4d53e48878ff9b
- SSDEEP
  
  6144:Ats86UY9Pnx5aQULfR4HipJGQs0ltFZEHOW9Pnz1UVQo7E/MWFeZi/m6h0:ACjL9PnaQUjKKFBlDZEHOGhwQo7E/mZ3
Score

10^/10

qakbot abc028 1605010939 banker discovery stealer trojan
- Qakbot family
  qakbot
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

qakbotabc0281605010939bankerdiscoverystealertrojan

behavioral2

qakbotabc0281605010939bankerdiscoverystealertrojan