qakbot | c73067384765ba26b0d162ce826c8a1431e26c16ecbf4544c5fc7fd2313e5f3b

General

Target

e194bc1c3f3ba138a2ab72e6f2df8e2a_JaffaCakes118
Size

539KB
Sample

240406-lm61kagb23
MD5

e194bc1c3f3ba138a2ab72e6f2df8e2a
SHA1

34189f1fc6ca3adb676280ea5eef970186a5f80f
SHA256

c73067384765ba26b0d162ce826c8a1431e26c16ecbf4544c5fc7fd2313e5f3b
SHA512

e026397083e84ff7909ffcac83a60960cec5027a927c296826f39b67ed62a0d4f3a6e29d126b4b0eb0e72c03153fe2221ce1e73ca8617334b8b6eb646147c89d
SSDEEP

12288:J1ghp5DubQWErdxA+zM5miTrqZj1kENwNmhxOANU:G9rv05T+ZjHNwKOA

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

402.318

Botnet

obama102

Campaign

1632302707

C2

120.150.218.241:995

47.22.148.6:443

105.198.236.99:443

95.77.223.148:443

140.82.49.12:443

27.223.92.142:995

73.151.236.31:443

136.232.34.70:443

144.139.47.206:443

45.46.53.140:2222

76.25.142.196:443

173.21.10.71:2222

75.188.35.168:443

71.74.12.34:443

96.37.113.36:993

67.165.206.193:993

189.210.115.207:443

72.252.201.69:443

24.139.72.117:443

24.229.150.54:995

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  e194bc1c3f3ba138a2ab72e6f2df8e2a_JaffaCakes118
- Size
  
  539KB
- MD5
  
  e194bc1c3f3ba138a2ab72e6f2df8e2a
- SHA1
  
  34189f1fc6ca3adb676280ea5eef970186a5f80f
- SHA256
  
  c73067384765ba26b0d162ce826c8a1431e26c16ecbf4544c5fc7fd2313e5f3b
- SHA512
  
  e026397083e84ff7909ffcac83a60960cec5027a927c296826f39b67ed62a0d4f3a6e29d126b4b0eb0e72c03153fe2221ce1e73ca8617334b8b6eb646147c89d
- SSDEEP
  
  12288:J1ghp5DubQWErdxA+zM5miTrqZj1kENwNmhxOANU:G9rv05T+ZjHNwKOA
Score

10^/10

qakbot obama102 1632302707 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

1

T1053

Persistence

Scheduled Task/Job

1

T1053

Privilege Escalation

Scheduled Task/Job

1

T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2