General

  • Target

    7ce93e540de95b4153b953b9070d6f36_JaffaCakes118

  • Size

    396KB

  • Sample

    240731-spd6wsvbpg

  • MD5

    7ce93e540de95b4153b953b9070d6f36

  • SHA1

    2909fe83cc2754daa8223c40e0f9d2cc8291ee4f

  • SHA256

    ffb5d8c941c81435ec6998e1edb72a0c3224158a87451975ecd201c11bdb4b85

  • SHA512

    814a003b80a107582721be7a21903f31104b9d0499a4a233508c28601ac21c94c52c87c63f7411798aef838cb0b7cb7a59b208b1289fa1bbfed96af6330b0fe2

  • SSDEEP

    12288:pli+DBCYyRl9iIgMw6T+etB7T2B5ZTzFxOUgx:9yGTxOUc

Malware Config

Extracted

Family

qakbot

Version

324.8

Botnet

gbs02

Campaign

1580990347

C2


Targets

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

MITRE ATT&CK Matrix (ATT&CK v13)

Discovery

  • Query Registry (T1012): 2

  • System Information Discovery (T1082): 3

  • System Location Discovery (T1614): 1

  • System Language Discovery (T1614.001): 1

  • System Network Configuration Discovery (T1016): 1

  • Internet Connection Discovery (T1016.001): 1

  • Peripheral Device Discovery (T1120): 1

  • Remote System Discovery (T1018): 1

Tasks