qakbot | cedcd719b52774f5324f7ef876eb0e6520fbeba62af349f72f7378dbfb49f532 | Triage

Sharing

General

Target

cedcd719b52774f5324f7ef876eb0e6520fbeba62af349f72f7378dbfb49f532.exe
Size

1.2MB
Sample

250117-e17exsspgn
MD5

ca101ba3d1eba7b2d9da01493744f2a4
SHA1

0e9a8d23e073bcd742fff7cb38d5921b9a39ed2f
SHA256

cedcd719b52774f5324f7ef876eb0e6520fbeba62af349f72f7378dbfb49f532
SHA512

0e49a5b63e5009823473c9a042c9a6875b508f0317d5ba1149fd4fcdb5e481f055a1bc8fd190828ad9804c5b2566ec34e088a5e1df014d88d33bb7a59f4d91bb
SSDEEP

6144:JsHHUPFY76DEoS5rYU/LPlbuo2YILNkFVZ5VfUllOp2n2FxHot1WL+Lwb5tJRN:fs6AoS5EU/Lp56kBgXOInmNouL+Lwb5n

Score

10^/10

qakbot abc008 1600855273 banker discovery stealer trojan

Malware Config

Extracted

Family

qakbot

Version

325.43

Botnet

abc008

Campaign

1600855273

C2

77.30.99.99:995

122.165.181.76:995

72.28.255.159:995

108.46.145.30:443

45.77.193.83:443

207.246.75.201:443

108.5.34.248:443

203.198.96.200:443

188.52.107.171:995

184.96.141.112:993

74.129.24.163:443

24.218.181.15:443

197.57.51.59:443

217.162.149.212:443

24.27.82.216:2222

78.97.3.6:443

96.41.93.96:443

197.210.96.222:995

45.32.154.10:443

199.247.16.80:443

Targets

- Target
  
  cedcd719b52774f5324f7ef876eb0e6520fbeba62af349f72f7378dbfb49f532.exe
- Size
  
  1.2MB
- MD5
  
  ca101ba3d1eba7b2d9da01493744f2a4
- SHA1
  
  0e9a8d23e073bcd742fff7cb38d5921b9a39ed2f
- SHA256
  
  cedcd719b52774f5324f7ef876eb0e6520fbeba62af349f72f7378dbfb49f532
- SHA512
  
  0e49a5b63e5009823473c9a042c9a6875b508f0317d5ba1149fd4fcdb5e481f055a1bc8fd190828ad9804c5b2566ec34e088a5e1df014d88d33bb7a59f4d91bb
- SSDEEP
  
  6144:JsHHUPFY76DEoS5rYU/LPlbuo2YILNkFVZ5VfUllOp2n2FxHot1WL+Lwb5tJRN:fs6AoS5EU/Lp56kBgXOInmNouL+Lwb5n
Score

10^/10

qakbot abc008 1600855273 banker discovery stealer trojan
- Qakbot family
  qakbot
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

qakbotabc0081600855273bankerdiscoverystealertrojan

behavioral2

qakbotabc0081600855273bankerdiscoverystealertrojan