qakbot | 815196f48cb3c971a8ac255edc13da5c05e254c7882e8a493e26628e7533fc1e | Triage

Sharing

General

Target

2025-03-29_dc327c59164dbdefe299df64868cd71a_amadey_smoke-loader
Size

1.9MB
Sample

250329-xvtkzsy1gt
MD5

dc327c59164dbdefe299df64868cd71a
SHA1

5016093fb68bad4029528b27946d3d19ace979db
SHA256

815196f48cb3c971a8ac255edc13da5c05e254c7882e8a493e26628e7533fc1e
SHA512

5549279f2e648cc57a4d722d9f92d4290cc6b558af2866c1cc508d86c0740a6254f6d01eb9e9a4efd60b6446cab2533f463159b04ae448ccb04e788761c00878
SSDEEP

24576:ieXpNYNyBvGt7SJ5XqZeQ7o7/XakILfyZFOBz:1pNo7SJN0a7/XRIOX

Score

10^/10

qakbot abc026 1604404702 banker discovery stealer trojan

Malware Config

Extracted

Family

qakbot

Version

325.59

Botnet

abc026

Campaign

1604404702

C2

96.243.35.201:443

46.53.16.93:443

217.165.2.92:995

37.106.7.143:443

67.6.55.77:443

89.136.39.108:443

2.50.58.76:443

188.25.158.61:443

45.63.107.192:995

45.32.154.10:443

94.52.160.116:443

45.63.107.192:2222

45.63.107.192:443

72.204.242.138:465

84.117.176.32:443

95.77.223.148:443

47.146.39.147:443

41.225.13.128:8443

80.14.209.42:2222

190.220.8.10:995

Targets

- Target
  
  2025-03-29_dc327c59164dbdefe299df64868cd71a_amadey_smoke-loader
- Size
  
  1.9MB
- MD5
  
  dc327c59164dbdefe299df64868cd71a
- SHA1
  
  5016093fb68bad4029528b27946d3d19ace979db
- SHA256
  
  815196f48cb3c971a8ac255edc13da5c05e254c7882e8a493e26628e7533fc1e
- SHA512
  
  5549279f2e648cc57a4d722d9f92d4290cc6b558af2866c1cc508d86c0740a6254f6d01eb9e9a4efd60b6446cab2533f463159b04ae448ccb04e788761c00878
- SSDEEP
  
  24576:ieXpNYNyBvGt7SJ5XqZeQ7o7/XakILfyZFOBz:1pNo7SJN0a7/XRIOX
Score

10^/10

qakbot abc026 1604404702 banker discovery stealer trojan
- Qakbot family
  qakbot
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

qakbotabc0261604404702bankerdiscoverystealertrojan

behavioral2

qakbotabc0261604404702bankerdiscoverystealertrojan