qakbot | 414e40d3c075919c25fdba9c3bc914227700f398d42dd5a3bb84d92d0a5e3351 | Triage

Sharing

General

Target

1f1b5e4487d71fd77319ac1fa5fbacb5_JaffaCakes118
Size

708KB
Sample

240702-m9l5cazbka
MD5

1f1b5e4487d71fd77319ac1fa5fbacb5
SHA1

524d2dc30a395ce85cf02c294df995af8aeba5e3
SHA256

414e40d3c075919c25fdba9c3bc914227700f398d42dd5a3bb84d92d0a5e3351
SHA512

74d1c7fbdac0a2550b603712a9d80860251534c5022af365fc5a70583a4b7b58dec5781cdbe7b08b5da0e049b2137b387be7b6140d37a514d85f59957840686a
SSDEEP

12288:AFbAcis08s7gQFMWC24/MFS+AWmdnWJIjJ5F3+DpEFs3H6v/+VoTN1:AtDis0dFA24/MFSptIJKnx+NE23a3+VY

Score

10^/10

qakbot obama106 1632905607 banker evasion stealer trojan

Malware Config

Extracted

Family

qakbot

Version

402.363

Botnet

obama106

Campaign

1632905607

C2

37.210.152.224:995

120.151.47.189:443

105.198.236.99:443

122.11.220.212:2222

199.27.127.129:443

41.251.41.14:995

216.201.162.158:443

124.123.42.115:2078

181.118.183.94:443

120.150.218.241:995

185.250.148.74:443

217.17.56.163:443

182.181.78.18:995

140.82.49.12:443

105.159.144.186:995

89.101.97.139:443

217.17.56.163:0

27.223.92.142:995

95.77.223.148:443

109.190.253.11:2222

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  1f1b5e4487d71fd77319ac1fa5fbacb5_JaffaCakes118
- Size
  
  708KB
- MD5
  
  1f1b5e4487d71fd77319ac1fa5fbacb5
- SHA1
  
  524d2dc30a395ce85cf02c294df995af8aeba5e3
- SHA256
  
  414e40d3c075919c25fdba9c3bc914227700f398d42dd5a3bb84d92d0a5e3351
- SHA512
  
  74d1c7fbdac0a2550b603712a9d80860251534c5022af365fc5a70583a4b7b58dec5781cdbe7b08b5da0e049b2137b387be7b6140d37a514d85f59957840686a
- SSDEEP
  
  12288:AFbAcis08s7gQFMWC24/MFS+AWmdnWJIjJ5F3+DpEFs3H6v/+VoTN1:AtDis0dFA24/MFSptIJKnx+NE23a3+VY
Score

10^/10

qakbot obama106 1632905607 banker evasion stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Windows security bypass
  evasion trojan
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

qakbotobama1061632905607bankerevasionstealertrojan

behavioral2

qakbotobama1061632905607bankerevasionstealertrojan