General

  • Target

    5d568a9de60d5265370f58305f1d942d_JaffaCakes118

  • Size

    400KB

  • Sample

    240520-ftks1sdf8t

  • MD5

    5d568a9de60d5265370f58305f1d942d

  • SHA1

    b249a7bbda785a1194c6a40699439a639a806521

  • SHA256

    767bfbc1a25997de2d6203b7ec79afe012f1049eda612efb5c51e4da68972b58

  • SHA512

    0e80dbcc822ec875eed248ca62a587ca146ada754a85decf4ac833b76a6c2a909719d5479b5ab721bcd14a599ebdfdef7f456d8007f5eb8d9b6e1b57584dd227

  • SSDEEP

    6144:g68gSfhk7ElpHrVbUWGDctV7GhmER2a+RspHaLp5j1mcY3mEDm8I0:g68gOhYyHrVdGU1GhmhRsuRY3fw0

Malware Config

Extracted

  • Family

    qakbot

  • Version

    324.8

  • Botnet

    spx55

  • Campaign

    1579706138

  • C2

    104.191.66.184:443
    173.79.220.156:443
    83.76.204.98:2222
    24.189.222.222:2222
    65.33.58.73:443
    74.194.4.181:443
    72.90.243.117:443
    97.96.51.117:443
    186.47.208.238:50000
    98.121.187.78:443
    76.23.204.29:443
    109.169.194.16:21
    24.201.79.208:2078
    72.218.167.183:443
    69.123.179.70:443
    68.14.210.246:22
    67.250.76.135:443
    205.250.79.62:443
    72.255.200.129:2222
    71.201.79.21:2222

Targets

    • Target

      5d568a9de60d5265370f58305f1d942d_JaffaCakes118

    • Size

      400KB

    • MD5

      5d568a9de60d5265370f58305f1d942d

    • SHA1

      b249a7bbda785a1194c6a40699439a639a806521

    • SHA256

      767bfbc1a25997de2d6203b7ec79afe012f1049eda612efb5c51e4da68972b58

    • SHA512

      0e80dbcc822ec875eed248ca62a587ca146ada754a85decf4ac833b76a6c2a909719d5479b5ab721bcd14a599ebdfdef7f456d8007f5eb8d9b6e1b57584dd227

    • SSDEEP

      6144:g68gSfhk7ElpHrVbUWGDctV7GhmER2a+RspHaLp5j1mcY3mEDm8I0:g68gOhYyHrVdGU1GhmhRsuRY3fw0

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

MITRE ATT&CK Matrix ATT&CK v13

Discovery

  • Query Registry

    T1012 (2)

  • System Information Discovery

    T1082 (3)

  • Peripheral Device Discovery

    T1120 (1)

  • Remote System Discovery

    T1018 (1)

Tasks