Extracted

• • Target

    e4f56d12cb38a4963f7e7892bcd2b85484364c196e39af4d1b5d8b8a36d8c8ec.exe

  • Size

    564KB

  • MD5

    43f52bc341e6bc7fc5ec02434713df80

  • SHA1

    509d72dd83cd53a620c110fccb7beafe9097c2d3

  • SHA256

    e4f56d12cb38a4963f7e7892bcd2b85484364c196e39af4d1b5d8b8a36d8c8ec

  • SHA512

    bd14c3e95282229a87dce9b6bb2dd6a31cf7a8e94121579e39b7341280f1b7494dbb18a3f72cc4a9f3ac568398f4a8d2e5d6e6b4f373e22534b0f4558d71c249

  • SSDEEP

    12288:P6Uupd48XXIMyXcGbqIo4hve1wHXGnx0me0KaznLxD2JA1h:P6UMsrHj3awHWnimjKar1DJh

  Score

  10^/10

  qakbot1542012699bankerdiscoverystealertrojan

  • Qakbot family

    qakbot

  • Qakbot/Qbot

    Qbot or Qakbot is a sophisticated worm with banking capabilities.

    trojanbankerstealerqakbot

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  behavioral1behavioral2