qakbot | 0dfa8d04fff81c0abaa91bdd60203a22606be027365967383f3a75cc1fb65c96 | Triage

Sharing

General

Target

5906b211144bb691aba80030e1aeebc5_JaffaCakes118
Size

957KB
Sample

240718-zp2qhswckj
MD5

5906b211144bb691aba80030e1aeebc5
SHA1

1912a17b81527a4703093e95e3985780ae73f01d
SHA256

0dfa8d04fff81c0abaa91bdd60203a22606be027365967383f3a75cc1fb65c96
SHA512

ae16d01e5abbc1a609141ea27fc7fdc9bce8bb8e05be714ad1d30eb67c48b69f7144e44c26fa0c2c8964a2f08edc64b655dd25ac1cad2f00f3c05c329c4c7656
SSDEEP

24576:ixvBJCYfTVuEw7wJarOIq0PqJtp050YjpovM:iolEJtWyYqvM

Score

10^/10

qakbot tr 1613385567 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Version

401.138

Botnet

tr

Campaign

1613385567

C2

78.63.226.32:443

197.51.82.72:443

193.248.221.184:2222

95.77.223.148:443

71.199.192.62:443

77.211.30.202:995

80.227.5.69:443

77.27.204.204:995

81.97.154.100:443

173.184.119.153:995

38.92.225.121:443

81.150.181.168:2222

90.65.236.181:2222

83.110.103.152:443

73.153.211.227:443

188.25.63.105:443

89.137.211.239:995

202.188.138.162:443

98.173.34.212:995

87.202.87.210:2222

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  5906b211144bb691aba80030e1aeebc5_JaffaCakes118
- Size
  
  957KB
- MD5
  
  5906b211144bb691aba80030e1aeebc5
- SHA1
  
  1912a17b81527a4703093e95e3985780ae73f01d
- SHA256
  
  0dfa8d04fff81c0abaa91bdd60203a22606be027365967383f3a75cc1fb65c96
- SHA512
  
  ae16d01e5abbc1a609141ea27fc7fdc9bce8bb8e05be714ad1d30eb67c48b69f7144e44c26fa0c2c8964a2f08edc64b655dd25ac1cad2f00f3c05c329c4c7656
- SSDEEP
  
  24576:ixvBJCYfTVuEw7wJarOIq0PqJtp050YjpovM:iolEJtWyYqvM
Score

10^/10

qakbot tr 1613385567 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

qakbottr1613385567bankerstealertrojan

behavioral2

qakbottr1613385567bankerstealertrojan