qakbot | b3781927bcf7932c336630f636f47cbdba47e2f5aa94039f87fbb15797455535 | Triage

Sharing

General

Target

611fb912ca0d8a8d6b57a5fe54c4b3ad_JaffaCakes118
Size

221KB
Sample

240520-2dc9wshg22
MD5

611fb912ca0d8a8d6b57a5fe54c4b3ad
SHA1

d30d809df1e1f8db5511621c4869cf954d9ffe32
SHA256

b3781927bcf7932c336630f636f47cbdba47e2f5aa94039f87fbb15797455535
SHA512

812426a098f3d277e9d004e9fd288d2fe26ba410d4a79db1338c8f8faca03cb0f33da84f1f8575ab37dd554e26cff52428c3c10cc585d1c96df88e140ae056ef
SSDEEP

6144:9iCJP2aHc28pmBIUFqOkTo2/Pd7IYbUN0DQ2:9f82DICqJTo2tcqUN

Score

10^/10

qakbot spx88 1585759147 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Version

324.75

Botnet

spx88

Campaign

1585759147

C2

70.171.43.208:443

75.183.171.155:3389

68.49.120.179:443

189.160.175.134:443

24.168.237.215:443

5.14.217.101:443

47.40.244.237:443

71.77.252.14:2222

184.176.139.8:443

47.39.76.74:443

72.29.181.77:2222

208.101.148.129:995

100.40.48.96:443

5.233.232.81:61202

188.241.126.118:443

68.174.15.223:443

64.19.74.29:995

70.170.111.174:443

75.82.228.209:443

63.155.135.211:995

Targets

- Target
  
  611fb912ca0d8a8d6b57a5fe54c4b3ad_JaffaCakes118
- Size
  
  221KB
- MD5
  
  611fb912ca0d8a8d6b57a5fe54c4b3ad
- SHA1
  
  d30d809df1e1f8db5511621c4869cf954d9ffe32
- SHA256
  
  b3781927bcf7932c336630f636f47cbdba47e2f5aa94039f87fbb15797455535
- SHA512
  
  812426a098f3d277e9d004e9fd288d2fe26ba410d4a79db1338c8f8faca03cb0f33da84f1f8575ab37dd554e26cff52428c3c10cc585d1c96df88e140ae056ef
- SSDEEP
  
  6144:9iCJP2aHc28pmBIUFqOkTo2/Pd7IYbUN0DQ2:9f82DICqJTo2tcqUN
Score

10^/10

qakbot banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

spx881585759147qakbot

behavioral1

qakbotbankerstealertrojan

behavioral2

qakbotbankerstealertrojan