qakbot | 60f82b88809017646d1e61cfd919e0e33773f3035e78d78fe1a1b4e6540b4ff2 | Triage

Sharing

General

Target

5ce4916abc949bf3c04bfb8184745397_JaffaCakes118
Size

4.3MB
Sample

240729-ytb5zsxgnq
MD5

5ce4916abc949bf3c04bfb8184745397
SHA1

a02521d9e351c3682b5eb5e4f541e0dcb5ef1960
SHA256

60f82b88809017646d1e61cfd919e0e33773f3035e78d78fe1a1b4e6540b4ff2
SHA512

6a2b13cdc9016889043fb7b8e9dfe0f6e6a18c5759c1e4893339cc95f4c9aaa970f76a1cd4dd17e9e121dec5f50056f2f6d4095e6f2e652e8fa7ea9118c95ffc
SSDEEP

24576:aIydQMFmTIaG+hzgK/sdZvaKBaJh+TxyQh:ednj5IzgK/sdZvaKBaJhgp

Score

10^/10

qakbot abc006 1600687594 banker discovery stealer trojan

Malware Config

Extracted

Family

qakbot

Version

325.43

Botnet

abc006

Campaign

1600687594

C2

72.204.242.138:20

75.136.40.155:443

207.255.161.8:443

80.240.26.178:443

86.122.241.39:2222

103.238.231.40:443

47.146.32.175:443

202.141.244.118:995

185.19.190.81:443

24.201.79.208:2078

178.87.21.21:443

66.222.88.126:995

185.246.9.69:995

172.78.30.215:443

83.110.6.64:2222

41.233.39.224:995

77.159.149.74:443

66.76.105.197:443

134.0.196.46:995

75.87.161.32:995

Targets

- Target
  
  5ce4916abc949bf3c04bfb8184745397_JaffaCakes118
- Size
  
  4.3MB
- MD5
  
  5ce4916abc949bf3c04bfb8184745397
- SHA1
  
  a02521d9e351c3682b5eb5e4f541e0dcb5ef1960
- SHA256
  
  60f82b88809017646d1e61cfd919e0e33773f3035e78d78fe1a1b4e6540b4ff2
- SHA512
  
  6a2b13cdc9016889043fb7b8e9dfe0f6e6a18c5759c1e4893339cc95f4c9aaa970f76a1cd4dd17e9e121dec5f50056f2f6d4095e6f2e652e8fa7ea9118c95ffc
- SSDEEP
  
  24576:aIydQMFmTIaG+hzgK/sdZvaKBaJh+TxyQh:ednj5IzgK/sdZvaKBaJhgp
Score

10^/10

qakbot abc006 1600687594 banker discovery stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Peripheral Device Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

qakbotabc0061600687594bankerdiscoverystealertrojan

behavioral2

qakbotabc0061600687594bankerdiscoverystealertrojan