qakbot | 4932aad52a15c64461c1fb2c5104226cad4af36e81e389feb848fb5ea76d5785 | Triage

Sharing

General

Target

bfde73c04d65e7961b9351c113e4bd40_JaffaCakes118
Size

407KB
Sample

240825-b1t8tashkj
MD5

bfde73c04d65e7961b9351c113e4bd40
SHA1

a04e431d36ad46caceb183b82cdfa461189bf511
SHA256

4932aad52a15c64461c1fb2c5104226cad4af36e81e389feb848fb5ea76d5785
SHA512

fea22eb382e8881cd2e5499b7101a806b7da21632a031a248adc498603ff65a7351143dc6023ab34e48bf41e0a9cbe490384d5636f308750bea45916124f3be4
SSDEEP

6144:yyPKmlEwrPmRPWEpWFn2E6lyDntvhhOU35RJEesNT3wU7HuAmU:mTwr03pdf8vhhOKJET5ByU

Score

10^/10

qakbot obama05 1613729859 banker discovery stealer trojan

Malware Config

Extracted

Family

qakbot

Version

401.138

Botnet

obama05

Campaign

1613729859

C2

86.160.137.132:443

172.87.157.235:3389

106.51.85.162:443

108.31.15.10:995

38.92.225.121:443

173.184.119.153:995

81.150.181.168:2222

71.187.170.235:443

188.25.63.105:443

71.117.132.169:443

193.248.221.184:2222

85.52.72.32:2222

87.202.87.210:2222

78.185.59.190:443

2.7.116.188:2222

81.97.154.100:443

24.50.118.93:443

98.121.187.78:443

108.29.32.251:443

24.152.219.253:995

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  bfde73c04d65e7961b9351c113e4bd40_JaffaCakes118
- Size
  
  407KB
- MD5
  
  bfde73c04d65e7961b9351c113e4bd40
- SHA1
  
  a04e431d36ad46caceb183b82cdfa461189bf511
- SHA256
  
  4932aad52a15c64461c1fb2c5104226cad4af36e81e389feb848fb5ea76d5785
- SHA512
  
  fea22eb382e8881cd2e5499b7101a806b7da21632a031a248adc498603ff65a7351143dc6023ab34e48bf41e0a9cbe490384d5636f308750bea45916124f3be4
- SSDEEP
  
  6144:yyPKmlEwrPmRPWEpWFn2E6lyDntvhhOU35RJEesNT3wU7HuAmU:mTwr03pdf8vhhOKJET5ByU
Score

10^/10

qakbot obama05 1613729859 banker discovery stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

qakbotobama051613729859bankerdiscoverystealertrojan

behavioral2

qakbotobama051613729859bankerdiscoverystealertrojan