qakbot | fb06ebc9ddde4c52a9264c9097529658d80d280d2cc19fc7ed8c9f6a0bd69bb8 | Triage

Sharing

General

Target

42da7e8dbd48c24b8da485fd64a9450d_JaffaCakes118
Size

4.2MB
Sample

240729-nacbjazfjf
MD5

42da7e8dbd48c24b8da485fd64a9450d
SHA1

c15c2a74356c81d55668dea26d9c070de419861c
SHA256

fb06ebc9ddde4c52a9264c9097529658d80d280d2cc19fc7ed8c9f6a0bd69bb8
SHA512

ddb71a71e32f8247aef19b0ab85a497d4c6c9a252846388d0259d776c91d917dc063f617965e6bb309ded2a67f9c3a4104de5b9ffd4c56a8f9dde46f762565c9
SSDEEP

6144:CbYmFNuwc2x+lVPYQg9/AoLZlc0WbO9lOuo+PpVk:CbNIwHxaVPYfXuD

Score

10^/10

qakbot partner01 1597332272 banker discovery stealer trojan

Malware Config

Extracted

Family

qakbot

Version

325.43

Botnet

partner01

Campaign

1597332272

C2

72.28.255.159:995

197.210.96.222:995

71.192.44.92:443

189.183.72.138:995

68.33.206.204:443

49.191.3.234:443

71.56.53.127:443

80.14.209.42:2222

24.139.132.70:443

76.187.12.181:443

89.137.211.239:443

216.201.162.158:443

151.73.112.220:443

92.59.35.196:2222

189.140.55.226:443

201.216.216.245:443

50.244.112.10:995

108.28.179.42:995

108.27.217.44:443

72.185.47.86:995

Targets

- Target
  
  42da7e8dbd48c24b8da485fd64a9450d_JaffaCakes118
- Size
  
  4.2MB
- MD5
  
  42da7e8dbd48c24b8da485fd64a9450d
- SHA1
  
  c15c2a74356c81d55668dea26d9c070de419861c
- SHA256
  
  fb06ebc9ddde4c52a9264c9097529658d80d280d2cc19fc7ed8c9f6a0bd69bb8
- SHA512
  
  ddb71a71e32f8247aef19b0ab85a497d4c6c9a252846388d0259d776c91d917dc063f617965e6bb309ded2a67f9c3a4104de5b9ffd4c56a8f9dde46f762565c9
- SSDEEP
  
  6144:CbYmFNuwc2x+lVPYQg9/AoLZlc0WbO9lOuo+PpVk:CbNIwHxaVPYfXuD
Score

10^/10

qakbot partner01 1597332272 banker discovery stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

qakbotpartner011597332272bankerdiscoverystealertrojan

behavioral2

qakbotpartner011597332272bankerdiscoverystealertrojan