qakbot | 9304d973589bebf6336042eb5d80e5ef04f3c7a355b71bd21067f15ae6e20ff8 | Triage

Sharing

General

Target

9304d973589bebf6336042eb5d80e5ef04f3c7a355b71bd21067f15ae6e20ff8N
Size

704KB
Sample

250112-1xr2qatpan
MD5

be0a77e967ea3d9387a9a56e0c4a9400
SHA1

dbf4f2ca6521a5e49e3b6187ffa129fbc542c261
SHA256

9304d973589bebf6336042eb5d80e5ef04f3c7a355b71bd21067f15ae6e20ff8
SHA512

8a79c785a5956f9c01eb0f417d57a5c1d016cbe4fe9391fba98c77a624bb64afa13f9315e240bbc02dbcb5a7782cf491d2e256f2933c2e1cc807365b70e49348
SSDEEP

12288:a/4CKNlAJZ6Xs9W3FW198yMX88/i/FLox:abKNlO6c43FS6yM2Ox

Score

10^/10

qakbot spx44 1575969975 banker discovery stealer trojan

Malware Config

Extracted

Family

qakbot

Version

323.91

Botnet

spx44

Campaign

1575969975

C2

70.164.39.91:443

96.35.170.82:2222

96.37.137.42:443

75.70.218.193:443

73.226.220.56:443

104.152.16.45:995

24.184.6.58:2222

5.182.39.156:443

162.244.224.166:443

75.131.72.82:995

67.10.18.112:993

104.32.185.213:2222

181.126.80.118:443

75.131.72.82:443

71.84.5.114:995

62.103.70.217:995

47.40.244.237:443

208.101.161.39:443

72.16.212.107:465

205.250.79.62:443

Targets

- Target
  
  9304d973589bebf6336042eb5d80e5ef04f3c7a355b71bd21067f15ae6e20ff8N
- Size
  
  704KB
- MD5
  
  be0a77e967ea3d9387a9a56e0c4a9400
- SHA1
  
  dbf4f2ca6521a5e49e3b6187ffa129fbc542c261
- SHA256
  
  9304d973589bebf6336042eb5d80e5ef04f3c7a355b71bd21067f15ae6e20ff8
- SHA512
  
  8a79c785a5956f9c01eb0f417d57a5c1d016cbe4fe9391fba98c77a624bb64afa13f9315e240bbc02dbcb5a7782cf491d2e256f2933c2e1cc807365b70e49348
- SSDEEP
  
  12288:a/4CKNlAJZ6Xs9W3FW198yMX88/i/FLox:abKNlO6c43FS6yM2Ox
Score

10^/10

qakbot spx44 1575969975 banker discovery stealer trojan
- Qakbot family
  qakbot
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

qakbotspx441575969975bankerdiscoverystealertrojan

behavioral2

qakbotspx441575969975bankerdiscoverystealertrojan