qakbot | 612be3d31bbde599db89cb293b5b5ea2e9b7020ca3cadb7fbcc8f3627054146b | Triage

Sharing

General

Target

612be3d31bbde599db89cb293b5b5ea2e9b7020ca3cadb7fbcc8f3627054146b.exe
Size

704KB
Sample

250113-kxyw9sylar
MD5

40cd8343a9900f5c0484aa5ec45fac5e
SHA1

01d0aa199650529de47c262d4310e1e7f80eb4bf
SHA256

612be3d31bbde599db89cb293b5b5ea2e9b7020ca3cadb7fbcc8f3627054146b
SHA512

67ab7726e03800ab34a8862ca4fb231fdff5fde7106158115c7a871110d92d39f4d01d20864f662c32a615c8bd42dfc106fe4a8db9e6c13743fc2167d90d3c3f
SSDEEP

12288:a/4CKNlAJZ6Xs9W3FW198yMX88/i/FLoxU:abKNlO6c43FS6yM2OxU

Score

10^/10

qakbot spx44 1575969975 banker discovery stealer trojan

Malware Config

Extracted

Family

qakbot

Version

323.91

Botnet

spx44

Campaign

1575969975

C2

70.164.39.91:443

96.35.170.82:2222

96.37.137.42:443

75.70.218.193:443

73.226.220.56:443

104.152.16.45:995

24.184.6.58:2222

5.182.39.156:443

162.244.224.166:443

75.131.72.82:995

67.10.18.112:993

104.32.185.213:2222

181.126.80.118:443

75.131.72.82:443

71.84.5.114:995

62.103.70.217:995

47.40.244.237:443

208.101.161.39:443

72.16.212.107:465

205.250.79.62:443

Targets

- Target
  
  612be3d31bbde599db89cb293b5b5ea2e9b7020ca3cadb7fbcc8f3627054146b.exe
- Size
  
  704KB
- MD5
  
  40cd8343a9900f5c0484aa5ec45fac5e
- SHA1
  
  01d0aa199650529de47c262d4310e1e7f80eb4bf
- SHA256
  
  612be3d31bbde599db89cb293b5b5ea2e9b7020ca3cadb7fbcc8f3627054146b
- SHA512
  
  67ab7726e03800ab34a8862ca4fb231fdff5fde7106158115c7a871110d92d39f4d01d20864f662c32a615c8bd42dfc106fe4a8db9e6c13743fc2167d90d3c3f
- SSDEEP
  
  12288:a/4CKNlAJZ6Xs9W3FW198yMX88/i/FLoxU:abKNlO6c43FS6yM2OxU
Score

10^/10

qakbot spx44 1575969975 banker discovery stealer trojan
- Qakbot family
  qakbot
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

qakbotspx441575969975bankerdiscoverystealertrojan

behavioral2

qakbotspx441575969975bankerdiscoverystealertrojan