Overview

overview

10

Static

static

1

773d40144f...18.exe

windows7-x64

10

773d40144f...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    773d40144f60cd3133d59defbba2007d_JaffaCakes118

  • Size

    4.2MB

  • Sample

    240730-staz2a1alh

  • MD5

    773d40144f60cd3133d59defbba2007d

  • SHA1

    99b90db69a50bbc69085bb3a6b5f2cec87695082

  • SHA256

    9668bf80c1521a42cebce4a8c81da28fd5b10d846af370b2ad7c0ccda415c258

  • SHA512

    ce3df2ef537fda66e7210fa10a2f767dde81cd69501c1c7cc5bf1e3f368569e2bccb91132026a2a34a71b5c04aa1c56730a29e997b25ceee1b79438e6ad244e5

  • SSDEEP

    12288:FX2NIwHFTQLKZapgbC0tIIl/QTACm/Uby:uIyFTQLK8pgbCiLl/h8by

Score
10/10
qakbotabc0071600765035bankerdiscoverystealertrojan

Malware Config

Extracted

Family

qakbot

Version

325.43

Botnet

abc007

Campaign

1600765035

C2

103.76.160.110:443

24.218.181.15:443

188.26.11.29:2222

217.162.149.212:443

96.236.225.10:443

85.185.202.53:995

95.179.247.224:443

96.30.198.161:443

45.32.154.10:443

199.247.16.80:443

189.150.106.230:22

71.221.92.98:443

24.234.86.201:995

176.223.82.244:995

24.27.82.216:2222

117.218.208.239:443

72.204.242.138:20

207.255.161.8:443

5.12.0.239:443

207.255.161.8:2087

Targets

    • Target

      773d40144f60cd3133d59defbba2007d_JaffaCakes118

    • Size

      4.2MB

    • MD5

      773d40144f60cd3133d59defbba2007d

    • SHA1

      99b90db69a50bbc69085bb3a6b5f2cec87695082

    • SHA256

      9668bf80c1521a42cebce4a8c81da28fd5b10d846af370b2ad7c0ccda415c258

    • SHA512

      ce3df2ef537fda66e7210fa10a2f767dde81cd69501c1c7cc5bf1e3f368569e2bccb91132026a2a34a71b5c04aa1c56730a29e997b25ceee1b79438e6ad244e5

    • SSDEEP

      12288:FX2NIwHFTQLKZapgbC0tIIl/QTACm/Uby:uIyFTQLK8pgbCiLl/h8by

    Score
    10/10
    qakbotabc0071600765035bankerdiscoverystealertrojan

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

      trojanbankerstealerqakbot

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

3
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

System Network Configuration Discovery

1
T1016

Internet Connection Discovery

1
T1016.001

Peripheral Device Discovery

1
T1120

Remote System Discovery

1
T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks