qakbot | 7cd8216e129493641bbe7f573b13425bcf52923bad83ee532abd66fed293d9fc | Triage

Sharing

General

Target

dbf66cf845c6af2445cb611215c84282_JaffaCakes118
Size

905KB
Sample

240406-fqnqhabd3z
MD5

dbf66cf845c6af2445cb611215c84282
SHA1

ae1c4b5d117e57bf8d541edab0e0bd100db07ea1
SHA256

7cd8216e129493641bbe7f573b13425bcf52923bad83ee532abd66fed293d9fc
SHA512

300c569c6221b7d24ecee114d9cee1a7f9f6873de2ba21cf41f115f2e456a81b7348b584c1d5c442b5bfa3624538f16e3f9e7f756158a302f12187f657c984b7
SSDEEP

12288:dU7AzcO18OcZtc98uEE8aPfR6xa7jg0Ii3pSGdSJbbIclZg5i0WBRLuMdgX2rbnj:GAzcO1T0yfR6lxcYIYZDqM9n7Bn

Score

10^/10

qakbot obama116 1634289383 banker evasion stealer trojan

Malware Config

Extracted

Family

qakbot

Version

402.363

Botnet

obama116

Campaign

1634289383

C2

41.228.22.180:443

188.55.249.239:995

120.150.218.241:995

37.117.191.19:2222

68.204.7.158:443

81.241.252.59:2078

196.207.140.40:995

174.54.193.186:443

63.143.92.99:995

197.89.144.200:443

86.220.112.26:2222

73.52.50.32:443

103.82.211.39:465

146.66.238.74:443

167.248.117.81:443

2.222.167.138:443

181.118.183.94:443

103.82.211.39:995

78.179.137.102:995

89.137.52.44:443

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  dbf66cf845c6af2445cb611215c84282_JaffaCakes118
- Size
  
  905KB
- MD5
  
  dbf66cf845c6af2445cb611215c84282
- SHA1
  
  ae1c4b5d117e57bf8d541edab0e0bd100db07ea1
- SHA256
  
  7cd8216e129493641bbe7f573b13425bcf52923bad83ee532abd66fed293d9fc
- SHA512
  
  300c569c6221b7d24ecee114d9cee1a7f9f6873de2ba21cf41f115f2e456a81b7348b584c1d5c442b5bfa3624538f16e3f9e7f756158a302f12187f657c984b7
- SSDEEP
  
  12288:dU7AzcO18OcZtc98uEE8aPfR6xa7jg0Ii3pSGdSJbbIclZg5i0WBRLuMdgX2rbnj:GAzcO1T0yfR6lxcYIYZDqM9n7Bn
Score

10^/10

qakbot obama116 1634289383 banker evasion stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Windows security bypass
  evasion trojan
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

qakbotobama1161634289383bankerevasionstealertrojan

behavioral2

qakbotobama1161634289383bankerevasionstealertrojan