qakbot | 1b740347452abb85ca6d909d8599ef710d02198c16eceb44a39d4aa111aa9566

General

Target

0409e898d181659e1c4be6f5c9611906_JaffaCakes118
Size

823KB
Sample

240328-m73djsba2y
MD5

0409e898d181659e1c4be6f5c9611906
SHA1

4b528abaa5d5101eff071a6d3c81229dc3b37fe3
SHA256

1b740347452abb85ca6d909d8599ef710d02198c16eceb44a39d4aa111aa9566
SHA512

baf3086229ddecd2354b653736c01171cd1fad449125e622b086025a56e85c939fe3dc1b06b415d8bc644736144bb4f5859f48f3d9a9d75b06e31932867129a3
SSDEEP

12288:X0y8ZOB93YJh6kwi4eYHc+12GPUhW1brsZaesX/OkSAIV5TQi/c+FI2PXmkp5:X0yMQFViB7IOkesPIVVZQi/csIbk/

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

402.318

Botnet

obama100

Campaign

1632151873

C2

45.46.53.140:2222

144.139.47.206:443

189.210.115.207:443

120.150.218.241:995

47.22.148.6:443

140.82.49.12:443

24.139.72.117:443

24.229.150.54:995

24.55.112.61:443

136.232.34.70:443

95.77.223.148:443

173.21.10.71:2222

76.25.142.196:443

96.37.113.36:993

71.74.12.34:443

73.151.236.31:443

67.165.206.193:993

109.12.111.14:443

68.204.7.158:443

105.198.236.99:443

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  0409e898d181659e1c4be6f5c9611906_JaffaCakes118
- Size
  
  823KB
- MD5
  
  0409e898d181659e1c4be6f5c9611906
- SHA1
  
  4b528abaa5d5101eff071a6d3c81229dc3b37fe3
- SHA256
  
  1b740347452abb85ca6d909d8599ef710d02198c16eceb44a39d4aa111aa9566
- SHA512
  
  baf3086229ddecd2354b653736c01171cd1fad449125e622b086025a56e85c939fe3dc1b06b415d8bc644736144bb4f5859f48f3d9a9d75b06e31932867129a3
- SSDEEP
  
  12288:X0y8ZOB93YJh6kwi4eYHc+12GPUhW1brsZaesX/OkSAIV5TQi/c+FI2PXmkp5:X0yMQFViB7IOkesPIVVZQi/csIbk/
Score

10^/10

qakbot obama100 1632151873 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

1

T1053

Persistence

Scheduled Task/Job

1

T1053

Privilege Escalation

Scheduled Task/Job

1

T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2