qakbot | 9237e5cae5f698d5ad9f6c61af8bd866e599abb05f5bc49474d98e269a29a588 | Triage

Submit
Reports

Overview

overview

Static

static

7

94f6bcd1c6...18.dll

windows7-x64

94f6bcd1c6...18.dll

windows10-2004-x64

Sharing

General

Target

94f6bcd1c6b35a1c5d55dd2dbe7211da_JaffaCakes118
Size

1.3MB
Sample

240813-18ycwayhnd
MD5

94f6bcd1c6b35a1c5d55dd2dbe7211da
SHA1

4d6359c3e61f8d54863d183d38ddc548c2a8702b
SHA256

9237e5cae5f698d5ad9f6c61af8bd866e599abb05f5bc49474d98e269a29a588
SHA512

832cfab9ee1f813f2a9a2fa3afae32646a00c10c71930cd034efa2c07d588facb9d782deba930376a499f2e76f1177a4d3a39bd2ca8bbdc37586e092c72ef8b0
SSDEEP

24576:Mm4KIe7WgCBxOQyvlHxhXjqpdwWow1Rht956wCLVAWRCySnAZWX:14GQ9yvlHCdwSZT56wCL1bSn3

Score

10^/10

qakbot banker discovery evasion stealer themida trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

94f6bcd1c6b35a1c5d55dd2dbe7211da_JaffaCakes118.dll

Resource

win7-20240704-en

qakbot banker discovery evasion stealer themida trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

94f6bcd1c6b35a1c5d55dd2dbe7211da_JaffaCakes118.dll

Resource

win10v2004-20240802-en

qakbot banker discovery evasion stealer themida trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

qakbot

Attributes

salt
��G�6�P�<��U]��c)��z

Targets

- Target
  
  94f6bcd1c6b35a1c5d55dd2dbe7211da_JaffaCakes118
- Size
  
  1.3MB
- MD5
  
  94f6bcd1c6b35a1c5d55dd2dbe7211da
- SHA1
  
  4d6359c3e61f8d54863d183d38ddc548c2a8702b
- SHA256
  
  9237e5cae5f698d5ad9f6c61af8bd866e599abb05f5bc49474d98e269a29a588
- SHA512
  
  832cfab9ee1f813f2a9a2fa3afae32646a00c10c71930cd034efa2c07d588facb9d782deba930376a499f2e76f1177a4d3a39bd2ca8bbdc37586e092c72ef8b0
- SSDEEP
  
  24576:Mm4KIe7WgCBxOQyvlHxhXjqpdwWow1Rht956wCLVAWRCySnAZWX:14GQ9yvlHCdwSZT56wCL1bSn3
Score

10^/10

qakbot banker discovery evasion stealer themida trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

qakbotbankerdiscoveryevasionstealerthemidatrojan

behavioral2

qakbotbankerdiscoveryevasionstealerthemidatrojan

© 2018-2024

Terms | Privacy