qakbot | 414e40d3c075919c25fdba9c3bc914227700f398d42dd5a3bb84d92d0a5e3351 | Triage

Sharing

General

Target

1f1b5e4487d71fd77319ac1fa5fbacb5_JaffaCakes118
Size

708KB
Sample

240702-m9l5cazbka
MD5

1f1b5e4487d71fd77319ac1fa5fbacb5
SHA1

524d2dc30a395ce85cf02c294df995af8aeba5e3
SHA256

414e40d3c075919c25fdba9c3bc914227700f398d42dd5a3bb84d92d0a5e3351
SHA512

74d1c7fbdac0a2550b603712a9d80860251534c5022af365fc5a70583a4b7b58dec5781cdbe7b08b5da0e049b2137b387be7b6140d37a514d85f59957840686a
SSDEEP

12288:AFbAcis08s7gQFMWC24/MFS+AWmdnWJIjJ5F3+DpEFs3H6v/+VoTN1:AtDis0dFA24/MFSptIJKnx+NE23a3+VY

Score

10^/10

qakbot obama106 1632905607 banker evasion stealer trojan

Malware Config

Extracted

Family

qakbot

Version

402.363

Botnet

obama106

Campaign

1632905607

C2

37.210.152.224:995

120.151.47.189:443

105.198.236.99:443

122.11.220.212:2222

199.27.127.129:443

41.251.41.14:995

216.201.162.158:443

124.123.42.115:2078

181.118.183.94:443

120.150.218.241:995

185.250.148.74:443

217.17.56.163:443

182.181.78.18:995

140.82.49.12:443

105.159.144.186:995

89.101.97.139:443

217.17.56.163:0

27.223.92.142:995

95.77.223.148:443

109.190.253.11:2222

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  1f1b5e4487d71fd77319ac1fa5fbacb5_JaffaCakes118
- Size
  
  708KB
- MD5
  
  1f1b5e4487d71fd77319ac1fa5fbacb5
- SHA1
  
  524d2dc30a395ce85cf02c294df995af8aeba5e3
- SHA256
  
  414e40d3c075919c25fdba9c3bc914227700f398d42dd5a3bb84d92d0a5e3351
- SHA512
  
  74d1c7fbdac0a2550b603712a9d80860251534c5022af365fc5a70583a4b7b58dec5781cdbe7b08b5da0e049b2137b387be7b6140d37a514d85f59957840686a
- SSDEEP
  
  12288:AFbAcis08s7gQFMWC24/MFS+AWmdnWJIjJ5F3+DpEFs3H6v/+VoTN1:AtDis0dFA24/MFSptIJKnx+NE23a3+VY
Score

10^/10

qakbot obama106 1632905607 banker evasion stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Windows security bypass
  evasion trojan
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

qakbotobama1061632905607bankerevasionstealertrojan

behavioral2

qakbotobama1061632905607bankerevasionstealertrojan