qakbot | 3e9ed6480b64da24716b39f73063051d360772a1063d4aa87abedb7e3c0f7307 | Triage

Sharing

General

Target

5829dd1dfdd90417d7b024ddbb57cfe4_JaffaCakes118
Size

398KB
Sample

240718-twvmwszdkh
MD5

5829dd1dfdd90417d7b024ddbb57cfe4
SHA1

54ec184f9fc5f72c4204c19b77908d5d6c3fa65f
SHA256

3e9ed6480b64da24716b39f73063051d360772a1063d4aa87abedb7e3c0f7307
SHA512

82a85dd65f0a1314549e9df49765d44902848cfb3339f456738fc3dc802f592a4a3eaecd2ce0898d3ee29ff44280b0365fa56041894891b6b783176a67b47962
SSDEEP

6144:59ykYklEwrPmRPWEpWFn2E6lyDntvhhOU35RJEesN23wU7HuAmHK+9:f2wr03pdf8vhhOKJET8Byq+9

Score

10^/10

qakbot biden01 1613656969 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Version

401.138

Botnet

biden01

Campaign

1613656969

C2

172.87.157.235:3389

173.184.119.153:995

81.150.181.168:2222

71.187.170.235:443

197.45.110.165:995

86.160.137.132:443

86.236.77.68:2222

106.51.85.162:443

108.31.15.10:995

38.92.225.121:443

72.252.201.69:443

71.117.132.169:443

98.173.34.212:995

83.110.12.140:2222

95.77.223.148:443

41.39.134.183:443

85.52.72.32:2222

195.12.154.8:443

108.160.123.244:443

96.57.188.174:2222

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  5829dd1dfdd90417d7b024ddbb57cfe4_JaffaCakes118
- Size
  
  398KB
- MD5
  
  5829dd1dfdd90417d7b024ddbb57cfe4
- SHA1
  
  54ec184f9fc5f72c4204c19b77908d5d6c3fa65f
- SHA256
  
  3e9ed6480b64da24716b39f73063051d360772a1063d4aa87abedb7e3c0f7307
- SHA512
  
  82a85dd65f0a1314549e9df49765d44902848cfb3339f456738fc3dc802f592a4a3eaecd2ce0898d3ee29ff44280b0365fa56041894891b6b783176a67b47962
- SSDEEP
  
  6144:59ykYklEwrPmRPWEpWFn2E6lyDntvhhOU35RJEesN23wU7HuAmHK+9:f2wr03pdf8vhhOKJET8Byq+9
Score

10^/10

qakbot biden01 1613656969 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

qakbotbiden011613656969bankerstealertrojan

behavioral2

qakbotbiden011613656969bankerstealertrojan