qakbot | 6bcb50b1401155c9af99c8e54dbcb88d3f742076a181fc6a08da283559858146 | Triage

Sharing

General

Target

5f4fa55001452036259a28d4ce2ce6a8_JaffaCakes118
Size

484KB
Sample

240720-gtlkzszbjl
MD5

5f4fa55001452036259a28d4ce2ce6a8
SHA1

d854e805bd41df6e6c816747c321b5e2f7a9a548
SHA256

6bcb50b1401155c9af99c8e54dbcb88d3f742076a181fc6a08da283559858146
SHA512

c75ae33674ed862081186edd23f32821aa80ce55195edfa312b30e56ce5da468efc65889e42a1faf2c7b5e762fafb7a2188aff0ed6d051073e9c9e17cae40a4c
SSDEEP

6144:bbqzVbbUYjG8AClk8+u05KhoSiMsJZuSsnDxeHakVqhhmaM+5Vg0nKH5PnFyunY:XqxgYjG8ACv+dKhpsJZRXH52LMcg5n

Score

10^/10

qakbot obama103 1632477754 banker evasion stealer trojan

Malware Config

Extracted

Family

qakbot

Version

402.343

Botnet

obama103

Campaign

1632477754

C2

136.232.34.70:443

216.201.162.158:443

92.59.35.196:2222

105.198.236.99:443

185.250.148.74:443

73.77.87.137:443

196.218.227.241:995

103.148.120.144:443

120.150.218.241:995

47.22.148.6:443

140.82.49.12:443

71.74.12.34:443

27.223.92.142:995

76.25.142.196:443

95.77.223.148:443

75.188.35.168:443

96.37.113.36:993

173.21.10.71:2222

45.46.53.140:2222

73.151.236.31:443

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  5f4fa55001452036259a28d4ce2ce6a8_JaffaCakes118
- Size
  
  484KB
- MD5
  
  5f4fa55001452036259a28d4ce2ce6a8
- SHA1
  
  d854e805bd41df6e6c816747c321b5e2f7a9a548
- SHA256
  
  6bcb50b1401155c9af99c8e54dbcb88d3f742076a181fc6a08da283559858146
- SHA512
  
  c75ae33674ed862081186edd23f32821aa80ce55195edfa312b30e56ce5da468efc65889e42a1faf2c7b5e762fafb7a2188aff0ed6d051073e9c9e17cae40a4c
- SSDEEP
  
  6144:bbqzVbbUYjG8AClk8+u05KhoSiMsJZuSsnDxeHakVqhhmaM+5Vg0nKH5PnFyunY:XqxgYjG8ACv+dKhpsJZRXH52LMcg5n
Score

10^/10

qakbot obama103 1632477754 banker evasion stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Windows security bypass
  evasion trojan
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

qakbotobama1031632477754bankerevasionstealertrojan

behavioral2

qakbotobama1031632477754bankerevasionstealertrojan