qakbot | 6bcb50b1401155c9af99c8e54dbcb88d3f742076a181fc6a08da283559858146 | Triage

Sharing

General

Target

5f4fa55001452036259a28d4ce2ce6a8_JaffaCakes118
Size

484KB
Sample

240720-gtlkzszbjl
MD5

5f4fa55001452036259a28d4ce2ce6a8
SHA1

d854e805bd41df6e6c816747c321b5e2f7a9a548
SHA256

6bcb50b1401155c9af99c8e54dbcb88d3f742076a181fc6a08da283559858146
SHA512

c75ae33674ed862081186edd23f32821aa80ce55195edfa312b30e56ce5da468efc65889e42a1faf2c7b5e762fafb7a2188aff0ed6d051073e9c9e17cae40a4c
SSDEEP

6144:bbqzVbbUYjG8AClk8+u05KhoSiMsJZuSsnDxeHakVqhhmaM+5Vg0nKH5PnFyunY:XqxgYjG8ACv+dKhpsJZRXH52LMcg5n

Score

10^/10

qakbot obama103 1632477754 banker evasion stealer trojan

Malware Config

Extracted

Family

qakbot

Version

402.343

Botnet

obama103

Campaign

1632477754

C2

136.232.34.70:443

216.201.162.158:443

92.59.35.196:2222

105.198.236.99:443

185.250.148.74:443

73.77.87.137:443

196.218.227.241:995

103.148.120.144:443

120.150.218.241:995

47.22.148.6:443

140.82.49.12:443

71.74.12.34:443

27.223.92.142:995

76.25.142.196:443

95.77.223.148:443

75.188.35.168:443

96.37.113.36:993

173.21.10.71:2222

45.46.53.140:2222

73.151.236.31:443

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  5f4fa55001452036259a28d4ce2ce6a8_JaffaCakes118
- Size
  
  484KB
- MD5
  
  5f4fa55001452036259a28d4ce2ce6a8
- SHA1
  
  d854e805bd41df6e6c816747c321b5e2f7a9a548
- SHA256
  
  6bcb50b1401155c9af99c8e54dbcb88d3f742076a181fc6a08da283559858146
- SHA512
  
  c75ae33674ed862081186edd23f32821aa80ce55195edfa312b30e56ce5da468efc65889e42a1faf2c7b5e762fafb7a2188aff0ed6d051073e9c9e17cae40a4c
- SSDEEP
  
  6144:bbqzVbbUYjG8AClk8+u05KhoSiMsJZuSsnDxeHakVqhhmaM+5Vg0nKH5PnFyunY:XqxgYjG8ACv+dKhpsJZRXH52LMcg5n
Score

10^/10

qakbot obama103 1632477754 banker evasion stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Windows security bypass
  evasion trojan
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

qakbotobama1031632477754bankerevasionstealertrojan

behavioral2

qakbotobama1031632477754bankerevasionstealertrojan