qakbot | f93b8b6aedc9c13590c7eb2247c920e376ab33354e9ca4003834ab9f043006f0 | Triage

Sharing

General

Target

009f6d7f8f7bd721d5377051587ec42e_JaffaCakes118
Size

1.0MB
Sample

240426-m6bt7sfa6s
MD5

009f6d7f8f7bd721d5377051587ec42e
SHA1

916c4b50cc9640d456ff7a1503c5841977caa727
SHA256

f93b8b6aedc9c13590c7eb2247c920e376ab33354e9ca4003834ab9f043006f0
SHA512

bbcb1280322f464695594dc02f71c813f229b858a091068ab7f758e49a0e08473c75a0337b3758078590afad6f2dc86a343adba2bdb505f896af814d8c8f4e3b
SSDEEP

12288:zVbaHbD19/nXEx5xuzi6AoS5qt4cW+EEFsfZdGvvOWTbL:zZ+bh9cTottW+jKZI3OWTH

Score

10^/10

qakbot abc004 1600240826 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Version

325.43

Botnet

abc004

Campaign

1600240826

C2

96.227.127.13:443

98.22.65.76:443

67.165.206.193:993

50.244.112.10:995

72.204.242.138:465

72.36.59.46:2222

68.174.15.223:443

69.11.247.242:443

75.81.25.223:443

95.77.223.148:443

47.146.32.175:443

50.232.172.114:443

24.231.54.185:2222

184.180.157.203:2222

190.31.192.182:443

84.47.220.117:995

96.18.240.158:443

117.199.14.80:443

184.97.148.2:443

207.255.161.8:993

Targets

- Target
  
  009f6d7f8f7bd721d5377051587ec42e_JaffaCakes118
- Size
  
  1.0MB
- MD5
  
  009f6d7f8f7bd721d5377051587ec42e
- SHA1
  
  916c4b50cc9640d456ff7a1503c5841977caa727
- SHA256
  
  f93b8b6aedc9c13590c7eb2247c920e376ab33354e9ca4003834ab9f043006f0
- SHA512
  
  bbcb1280322f464695594dc02f71c813f229b858a091068ab7f758e49a0e08473c75a0337b3758078590afad6f2dc86a343adba2bdb505f896af814d8c8f4e3b
- SSDEEP
  
  12288:zVbaHbD19/nXEx5xuzi6AoS5qt4cW+EEFsfZdGvvOWTbL:zZ+bh9cTottW+jKZI3OWTH
Score

10^/10

qakbot abc004 1600240826 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

qakbotabc0041600240826bankerstealertrojan

behavioral2

qakbotabc0041600240826bankerstealertrojan