Overview

overview

10

Static

static

1

009f6d7f8f...18.exe

windows7-x64

10

009f6d7f8f...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    009f6d7f8f7bd721d5377051587ec42e_JaffaCakes118

  • Size

    1.0MB

  • Sample

    240426-m6bt7sfa6s

  • MD5

    009f6d7f8f7bd721d5377051587ec42e

  • SHA1

    916c4b50cc9640d456ff7a1503c5841977caa727

  • SHA256

    f93b8b6aedc9c13590c7eb2247c920e376ab33354e9ca4003834ab9f043006f0

  • SHA512

    bbcb1280322f464695594dc02f71c813f229b858a091068ab7f758e49a0e08473c75a0337b3758078590afad6f2dc86a343adba2bdb505f896af814d8c8f4e3b

  • SSDEEP

    12288:zVbaHbD19/nXEx5xuzi6AoS5qt4cW+EEFsfZdGvvOWTbL:zZ+bh9cTottW+jKZI3OWTH

Score
10/10
qakbotabc0041600240826bankerstealertrojan

Malware Config

Extracted

Family

qakbot

Version

325.43

Botnet

abc004

Campaign

1600240826

C2

96.227.127.13:443

98.22.65.76:443

67.165.206.193:993

50.244.112.10:995

72.204.242.138:465

72.36.59.46:2222

68.174.15.223:443

69.11.247.242:443

75.81.25.223:443

95.77.223.148:443

47.146.32.175:443

50.232.172.114:443

24.231.54.185:2222

184.180.157.203:2222

190.31.192.182:443

84.47.220.117:995

96.18.240.158:443

117.199.14.80:443

184.97.148.2:443

207.255.161.8:993

Targets

    • Target

      009f6d7f8f7bd721d5377051587ec42e_JaffaCakes118

    • Size

      1.0MB

    • MD5

      009f6d7f8f7bd721d5377051587ec42e

    • SHA1

      916c4b50cc9640d456ff7a1503c5841977caa727

    • SHA256

      f93b8b6aedc9c13590c7eb2247c920e376ab33354e9ca4003834ab9f043006f0

    • SHA512

      bbcb1280322f464695594dc02f71c813f229b858a091068ab7f758e49a0e08473c75a0337b3758078590afad6f2dc86a343adba2bdb505f896af814d8c8f4e3b

    • SSDEEP

      12288:zVbaHbD19/nXEx5xuzi6AoS5qt4cW+EEFsfZdGvvOWTbL:zZ+bh9cTottW+jKZI3OWTH

    Score
    10/10
    qakbotabc0041600240826bankerstealertrojan

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

      trojanbankerstealerqakbot

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

3
T1082

Peripheral Device Discovery

1
T1120

Remote System Discovery

1
T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks