qakbot | d705b4cfd6e8b2c77fc358d1b5ff2cf34e26876743a69b38015a4484c73fad45 | Triage

Sharing

General

Target

aa7fbd05a1fe5d4a0c68e0f24ca55cb2_JaffaCakes118
Size

4.2MB
Sample

240819-llkqyazemp
MD5

aa7fbd05a1fe5d4a0c68e0f24ca55cb2
SHA1

097990eab583a7060776a068996a0cf02939feba
SHA256

d705b4cfd6e8b2c77fc358d1b5ff2cf34e26876743a69b38015a4484c73fad45
SHA512

bd04c689c83147f90c0b46a280614f335269f3751257ea7115d4b98205bcd11ff3c1a84340b73d5eac5a37b3485e68275b273e9d162152313ae55f4f9ab61bc9
SSDEEP

6144:DWYmFNuwc2U+5SER2z4sMJzSoVgxs67kOksDO9lOuo+PpJ:DWNIwHUgR20sM8k24

Score

10^/10

qakbot abc009 1601288915 banker discovery stealer trojan

Malware Config

Extracted

Family

qakbot

Version

325.43

Botnet

abc009

Campaign

1601288915

C2

67.60.113.253:2222

93.149.253.201:2222

47.44.217.98:443

151.76.220.137:443

117.218.208.239:443

190.30.185.80:443

71.80.66.107:443

195.162.106.93:2222

80.14.209.42:2222

50.244.112.106:443

184.98.103.204:995

74.109.219.145:443

79.118.76.109:443

72.186.1.237:443

41.34.85.231:995

90.175.88.99:2222

84.232.238.30:443

45.32.155.12:443

73.104.218.229:0

98.26.50.62:995

Targets

- Target
  
  aa7fbd05a1fe5d4a0c68e0f24ca55cb2_JaffaCakes118
- Size
  
  4.2MB
- MD5
  
  aa7fbd05a1fe5d4a0c68e0f24ca55cb2
- SHA1
  
  097990eab583a7060776a068996a0cf02939feba
- SHA256
  
  d705b4cfd6e8b2c77fc358d1b5ff2cf34e26876743a69b38015a4484c73fad45
- SHA512
  
  bd04c689c83147f90c0b46a280614f335269f3751257ea7115d4b98205bcd11ff3c1a84340b73d5eac5a37b3485e68275b273e9d162152313ae55f4f9ab61bc9
- SSDEEP
  
  6144:DWYmFNuwc2U+5SER2z4sMJzSoVgxs67kOksDO9lOuo+PpJ:DWNIwHUgR20sM8k24
Score

10^/10

qakbot abc009 1601288915 banker discovery stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

qakbotabc0091601288915bankerdiscoverystealertrojan

behavioral2

qakbotabc0091601288915bankerdiscoverystealertrojan