qakbot | 5e3dbb095a3ffb5428124921e0878c7dd1eba5a92ae1ae93625c3e569eb0b999 | Triage

Sharing

General

Target

4c547b4adf04d0e549206e26e617ad21_JaffaCakes118
Size

572KB
Sample

240331-eczeeadg96
MD5

4c547b4adf04d0e549206e26e617ad21
SHA1

65ae8cf4fe12e708fcddac4ccbe0ea0ad504d388
SHA256

5e3dbb095a3ffb5428124921e0878c7dd1eba5a92ae1ae93625c3e569eb0b999
SHA512

2af87705487cff6fe1c0d90b256624530a6aa844bc39e119086a3d58416bd24ccfa31e46dfee8d4f1dad7fb19f31fcc09cdca438e440687cae3a076d6959a233
SSDEEP

6144:VJVAfqX+2Rr+nxQDBO03fHEera3bpt5eHd:VvAfLfaEkAz5+

Score

10^/10

qakbot obama114 1634112211 banker evasion stealer trojan

Malware Config

Extracted

Family

qakbot

Version

402.363

Botnet

obama114

Campaign

1634112211

C2

111.125.245.116:443

124.123.42.115:2222

103.250.38.115:443

68.117.229.117:443

189.252.166.130:32101

89.137.52.44:443

208.78.220.143:443

77.31.162.93:443

83.110.201.195:443

94.200.181.154:443

103.82.211.39:995

216.201.162.158:443

78.179.137.102:995

24.231.209.2:2222

63.143.92.99:995

140.82.49.12:443

73.230.205.91:443

41.86.42.158:995

220.255.25.28:2222

200.232.214.222:995

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  4c547b4adf04d0e549206e26e617ad21_JaffaCakes118
- Size
  
  572KB
- MD5
  
  4c547b4adf04d0e549206e26e617ad21
- SHA1
  
  65ae8cf4fe12e708fcddac4ccbe0ea0ad504d388
- SHA256
  
  5e3dbb095a3ffb5428124921e0878c7dd1eba5a92ae1ae93625c3e569eb0b999
- SHA512
  
  2af87705487cff6fe1c0d90b256624530a6aa844bc39e119086a3d58416bd24ccfa31e46dfee8d4f1dad7fb19f31fcc09cdca438e440687cae3a076d6959a233
- SSDEEP
  
  6144:VJVAfqX+2Rr+nxQDBO03fHEera3bpt5eHd:VvAfLfaEkAz5+
Score

10^/10

qakbot obama114 1634112211 banker evasion stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Windows security bypass
  evasion trojan
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

qakbotobama1141634112211bankerevasionstealertrojan

behavioral2

qakbotobama1141634112211bankerevasionstealertrojan