qakbot | b66b7bfcdc8d6fb55fe600c20302405a22e1e7b60a0bb1e48a0ccf4e5daf8e50 | Triage

Sharing

General

Target

218327da4a1a070de03b9c07cae4abc3_JaffaCakes118
Size

1.1MB
Sample

240507-yrmtpsfg78
MD5

218327da4a1a070de03b9c07cae4abc3
SHA1

b42245b80511b5600df1d5ddea40fce78674fba5
SHA256

b66b7bfcdc8d6fb55fe600c20302405a22e1e7b60a0bb1e48a0ccf4e5daf8e50
SHA512

dc1f00d8a16eefcdaa896106a01702e9d13a18d532733b4f8edffbe57ebd98a790c1b51c7eefff3e6b5ea8927691649c536a72f1cc0ff1630ae642184049ef5c
SSDEEP

6144:1Ug69tR5KCcCg8nqVbkQSaPOnNxRQVwSav4dyxDYoQYJUpg1MwE4s0m+Z1Af6kr:y99trKTX84bkQfUO/aQdeMo3e+k4jAC8

Score

10^/10

qakbot abc005 1600415827 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Version

325.43

Botnet

abc005

Campaign

1600415827

C2

50.244.112.10:995

207.237.1.152:443

184.97.148.2:443

207.255.161.8:993

69.167.206.238:50001

72.36.59.46:2222

173.26.189.151:443

2.50.59.177:443

217.162.149.212:443

199.247.22.145:443

203.106.195.67:443

109.154.214.224:2222

117.199.14.31:443

175.211.225.118:443

188.51.33.232:995

50.244.112.106:443

65.30.213.13:6882

24.37.178.158:443

47.28.131.209:443

207.255.161.8:995

Targets

- Target
  
  218327da4a1a070de03b9c07cae4abc3_JaffaCakes118
- Size
  
  1.1MB
- MD5
  
  218327da4a1a070de03b9c07cae4abc3
- SHA1
  
  b42245b80511b5600df1d5ddea40fce78674fba5
- SHA256
  
  b66b7bfcdc8d6fb55fe600c20302405a22e1e7b60a0bb1e48a0ccf4e5daf8e50
- SHA512
  
  dc1f00d8a16eefcdaa896106a01702e9d13a18d532733b4f8edffbe57ebd98a790c1b51c7eefff3e6b5ea8927691649c536a72f1cc0ff1630ae642184049ef5c
- SSDEEP
  
  6144:1Ug69tR5KCcCg8nqVbkQSaPOnNxRQVwSav4dyxDYoQYJUpg1MwE4s0m+Z1Af6kr:y99trKTX84bkQfUO/aQdeMo3e+k4jAC8
Score

10^/10

qakbot abc005 1600415827 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

qakbotabc0051600415827bankerstealertrojan

behavioral2

qakbotabc0051600415827bankerstealertrojan