General

  • Target

    5bc0b082c0e069532cb31bd08bd4a2d4_JaffaCakes118

  • Size

    4.2MB

  • Sample

    240729-yc9d6axajk

  • MD5

    5bc0b082c0e069532cb31bd08bd4a2d4

  • SHA1

    e48d322c3b1126ed4d51a0e50914d20fdc94c633

  • SHA256

    3849944c5db10f13305f76c92c1a8c80bc37f6a0514c19ea4a2bbeae62438113

  • SHA512

    2405d05220812ae9977213e3fd4f5474e2ac9be92f8da1c0a7bc9ebe541fbe77f1b006bb8b56b4b72e2b3bf681cbb7119da3c72190be22886a5503ea524ce210

  • SSDEEP

    6144:JYmFNuwc2x+lVPYQg9/AoLZlc0WbO9lOuo+PpDM7xACEL/Ubde4:JNIwHxaVPYfXuNACm/Ub/

Malware Config

Extracted

Family

qakbot

Version

325.43

Botnet

partner01

Campaign

1597332272

C2

72.28.255.159:995
197.210.96.222:995
71.192.44.92:443
189.183.72.138:995
68.33.206.204:443
49.191.3.234:443
71.56.53.127:443
80.14.209.42:2222
24.139.132.70:443
76.187.12.181:443
89.137.211.239:443
216.201.162.158:443
151.73.112.220:443
92.59.35.196:2222
189.140.55.226:443
201.216.216.245:443
50.244.112.10:995
108.28.179.42:995
108.27.217.44:443
72.185.47.86:995

Targets

    • Target

      5bc0b082c0e069532cb31bd08bd4a2d4_JaffaCakes118

    • Size

      4.2MB

    • MD5

      5bc0b082c0e069532cb31bd08bd4a2d4

    • SHA1

      e48d322c3b1126ed4d51a0e50914d20fdc94c633

    • SHA256

      3849944c5db10f13305f76c92c1a8c80bc37f6a0514c19ea4a2bbeae62438113

    • SHA512

      2405d05220812ae9977213e3fd4f5474e2ac9be92f8da1c0a7bc9ebe541fbe77f1b006bb8b56b4b72e2b3bf681cbb7119da3c72190be22886a5503ea524ce210

    • SSDEEP

      6144:JYmFNuwc2x+lVPYQg9/AoLZlc0WbO9lOuo+PpDM7xACEL/Ubde4:JNIwHxaVPYfXuNACm/Ub/

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

MITRE ATT&CK Matrix ATT&CK v13

Discovery

    ID         Technique                                Count
    T1012      Query Registry                           2
    T1082      System Information Discovery             3
    T1614      System Location Discovery                1
    T1614.001  System Language Discovery                1
    T1016      System Network Configuration Discovery   1
    T1016.001  Internet Connection Discovery            1
    T1120      Peripheral Device Discovery              1
    T1018      Remote System Discovery                  1

Tasks