General

  • Target

    20efcddcbdd32c1b9648a4d50d2a29bb_JaffaCakes118

  • Size

    221KB

  • Sample

    240507-swclmsda2v

  • MD5

    20efcddcbdd32c1b9648a4d50d2a29bb

  • SHA1

    b36284f8d8f3a193ef9f0aa2465eee0deca99d94

  • SHA256

    fd1e4ecef5aed84a1e9cf04271111c5041d6c50c850b75959932927cf875293a

  • SHA512

    067da669c2d212537426a4027cfb326216c5fb31f4e2cbbc881dc0a6cf99688a303b076b9256f87243d75b19b73ac475400c4a30da8aa6bacce66bd2c59ca8a4

  • SSDEEP

    6144:afb0rHntqUtSsDWXjU5YVFsWfefYwd8h:hksDMjU5YVaWkd

Malware Config

Extracted

  • Family

    qakbot

  • Version

    324.70

  • Botnet

    spx85

  • Campaign

    1585321881

  • C2

Targets

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

MITRE ATT&CK Matrix (ATT&CK v13)

Discovery

  • Query Registry, T1012 (2)

  • System Information Discovery, T1082 (3)

  • Peripheral Device Discovery, T1120 (1)

  • Remote System Discovery, T1018 (1)

Tasks