qakbot | 559767a95d3e72167ff0fe0efbae44f009877ad98fbaf03f50cce0369aad9d27 | Triage

Sharing

General

Target

b83aa999e66ab905176a1b1f3f2283a7_JaffaCakes118
Size

4.2MB
Sample

240822-s9zy4axgjp
MD5

b83aa999e66ab905176a1b1f3f2283a7
SHA1

d0a91fcadae8c47d737aac97f93de94935265a5a
SHA256

559767a95d3e72167ff0fe0efbae44f009877ad98fbaf03f50cce0369aad9d27
SHA512

223543b94460d09a59e5f5451f3c2c1934d422a8e1a7a853d4f630adc11e8bb84588571ad6319e802213b0d770ee107df334efbfc1dfdca69a03957026e957e9
SSDEEP

6144:yqGzAH5bdSZRg4WR223vZezQDP9RB49qRqe90hfduo+Ppb:ukHXsRO2auufi6qNI

Score

10^/10

qakbot tr01 1596554163 banker discovery stealer trojan

Malware Config

Extracted

Family

qakbot

Version

325.14

Botnet

tr01

Campaign

1596554163

C2

94.59.241.189:2222

86.98.66.175:2222

94.96.84.73:993

71.83.16.211:443

24.110.96.149:443

78.96.199.79:443

216.201.162.158:443

68.60.221.169:465

95.76.109.181:443

189.231.175.46:443

70.164.37.205:995

108.27.217.44:443

71.220.191.200:443

92.59.35.196:2222

71.192.44.92:443

108.30.125.94:443

93.151.180.170:61202

189.130.26.216:443

47.146.32.175:443

24.71.28.247:443

Targets

- Target
  
  b83aa999e66ab905176a1b1f3f2283a7_JaffaCakes118
- Size
  
  4.2MB
- MD5
  
  b83aa999e66ab905176a1b1f3f2283a7
- SHA1
  
  d0a91fcadae8c47d737aac97f93de94935265a5a
- SHA256
  
  559767a95d3e72167ff0fe0efbae44f009877ad98fbaf03f50cce0369aad9d27
- SHA512
  
  223543b94460d09a59e5f5451f3c2c1934d422a8e1a7a853d4f630adc11e8bb84588571ad6319e802213b0d770ee107df334efbfc1dfdca69a03957026e957e9
- SSDEEP
  
  6144:yqGzAH5bdSZRg4WR223vZezQDP9RB49qRqe90hfduo+Ppb:ukHXsRO2auufi6qNI
Score

10^/10

qakbot tr01 1596554163 banker discovery stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

qakbottr011596554163bankerdiscoverystealertrojan

behavioral2

qakbottr011596554163bankerdiscoverystealertrojan