qakbot | 748db1f530fa931a4b0bfa8df7c96f84d3bd8b40591960c9453d19df827c0dd4 | Triage

Sharing

General

Target

a157a00e0ba08a11b067ba4fed9d99b0_JaffaCakes118
Size

337KB
Sample

240817-f3t32syhnh
MD5

a157a00e0ba08a11b067ba4fed9d99b0
SHA1

71b796b449ef7293a4eb1f203fe8e9c4812ed0e5
SHA256

748db1f530fa931a4b0bfa8df7c96f84d3bd8b40591960c9453d19df827c0dd4
SHA512

1828cc46451e51aadeb69450f639eaf03a078153aa6a475720864136c1830b34ca0360a3e37f31d1ae8a7616b75bba5acb09132002daef30a44c307dfd81aca8
SSDEEP

6144:DgOXktvhhOU35RJEesNr3wU7HuAmHKmlEwrPmRPWEpWFn2E6lyDT:xkvhhOKJETRByqTwr03pdfE

Score

10^/10

qakbot obama04 1613469138 banker discovery stealer trojan

Malware Config

Extracted

Family

qakbot

Version

401.138

Botnet

obama04

Campaign

1613469138

C2

50.29.166.232:995

89.137.211.239:995

172.78.30.215:443

193.248.221.184:2222

80.227.5.69:443

216.201.162.158:443

75.67.192.125:443

105.96.8.96:443

77.211.30.202:995

136.232.34.70:443

87.202.87.210:2222

86.245.46.27:2222

90.101.117.122:2222

81.97.154.100:443

47.196.192.184:443

197.161.154.132:443

78.185.59.190:443

202.188.138.162:443

77.27.204.204:995

203.194.110.74:443

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  a157a00e0ba08a11b067ba4fed9d99b0_JaffaCakes118
- Size
  
  337KB
- MD5
  
  a157a00e0ba08a11b067ba4fed9d99b0
- SHA1
  
  71b796b449ef7293a4eb1f203fe8e9c4812ed0e5
- SHA256
  
  748db1f530fa931a4b0bfa8df7c96f84d3bd8b40591960c9453d19df827c0dd4
- SHA512
  
  1828cc46451e51aadeb69450f639eaf03a078153aa6a475720864136c1830b34ca0360a3e37f31d1ae8a7616b75bba5acb09132002daef30a44c307dfd81aca8
- SSDEEP
  
  6144:DgOXktvhhOU35RJEesNr3wU7HuAmHKmlEwrPmRPWEpWFn2E6lyDT:xkvhhOKJETRByqTwr03pdfE
Score

10^/10

qakbot obama04 1613469138 banker discovery stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

qakbotobama041613469138bankerdiscoverystealertrojan

behavioral2

qakbotobama041613469138bankerdiscoverystealertrojan