qakbot | e60cc81f630400a2fda362feb1d54fbbb9974f73232139b0c7af38b70408b9e7 | Triage

Sharing

General

Target

1b3aaa8206bb7fe453d79379d5b6ae72_JaffaCakes118
Size

689KB
Sample

240329-hfzfcscd84
MD5

1b3aaa8206bb7fe453d79379d5b6ae72
SHA1

96caed40aac51f3cb119a5edeb7a8b10c8b75a15
SHA256

e60cc81f630400a2fda362feb1d54fbbb9974f73232139b0c7af38b70408b9e7
SHA512

92b642b9b7d5de9eb608ef7fd3c6b0a0df360f0edef9f3f29eff60acc89973bc499cc6b1ef6802c8086bbe5b6496e12fa60b035ea36820c1c188cf4421c25f56
SSDEEP

12288:1rI0bPKn8p/S0jXgfFWVkMXl2xAgwFX2dpG83tNzZ0XssC82H6/vLy2MAc:VI0bP1XWMXsAZX6tcTLFM3

Score

10^/10

qakbot obama117 1634545803 banker evasion stealer trojan

Malware Config

Extracted

Family

qakbot

Version

402.363

Botnet

obama117

Campaign

1634545803

C2

176.45.53.222:443

220.255.25.28:2222

91.178.126.51:995

2.222.167.138:443

65.100.174.110:995

105.198.236.99:995

115.96.64.9:995

196.207.140.40:995

24.231.209.2:2222

146.66.238.74:443

103.82.211.39:995

65.100.174.110:443

103.142.10.177:443

140.82.49.12:443

78.105.213.151:995

41.86.42.158:995

89.101.97.139:443

120.150.218.241:995

24.119.214.7:443

103.143.8.71:443

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  1b3aaa8206bb7fe453d79379d5b6ae72_JaffaCakes118
- Size
  
  689KB
- MD5
  
  1b3aaa8206bb7fe453d79379d5b6ae72
- SHA1
  
  96caed40aac51f3cb119a5edeb7a8b10c8b75a15
- SHA256
  
  e60cc81f630400a2fda362feb1d54fbbb9974f73232139b0c7af38b70408b9e7
- SHA512
  
  92b642b9b7d5de9eb608ef7fd3c6b0a0df360f0edef9f3f29eff60acc89973bc499cc6b1ef6802c8086bbe5b6496e12fa60b035ea36820c1c188cf4421c25f56
- SSDEEP
  
  12288:1rI0bPKn8p/S0jXgfFWVkMXl2xAgwFX2dpG83tNzZ0XssC82H6/vLy2MAc:VI0bP1XWMXsAZX6tcTLFM3
Score

10^/10

qakbot obama117 1634545803 banker evasion stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Windows security bypass
  evasion trojan
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

qakbotobama1171634545803bankerevasionstealertrojan

behavioral2

qakbotobama1171634545803bankerevasionstealertrojan