qakbot | b97710861c37a16498f15085ab4c578b2d6b83a80249530b3a33b1edaeb13618 | Triage

Sharing

General

Target

d0cc9a5ec35365619ffdc1fc89f1750f_JaffaCakes118
Size

1.1MB
Sample

240907-bwe84axhrl
MD5

d0cc9a5ec35365619ffdc1fc89f1750f
SHA1

3893739b1b8b0818973a417b41d2601d71a69c95
SHA256

b97710861c37a16498f15085ab4c578b2d6b83a80249530b3a33b1edaeb13618
SHA512

e1ce189b04913a0101a28d8269c6e36814223523d407b44ad86a2132c99b26572f127d335a795b6d3e583bc4179d927efc0f616be12974bcfca23f6fe28994b5
SSDEEP

6144:tUg69tR5KCcCg8nqVbkQSaPOnNxRQVwSav4dyxDYoQYJUpg1MwE4s0m+Z1Af6kI:699trKTX84bkQfUO/aQdeMo3e+k4jAC7

Score

10^/10

qakbot abc005 1600415827 banker discovery stealer trojan

Malware Config

Extracted

Family

qakbot

Version

325.43

Botnet

abc005

Campaign

1600415827

C2

50.244.112.10:995

207.237.1.152:443

184.97.148.2:443

207.255.161.8:993

69.167.206.238:50001

72.36.59.46:2222

173.26.189.151:443

2.50.59.177:443

217.162.149.212:443

199.247.22.145:443

203.106.195.67:443

109.154.214.224:2222

117.199.14.31:443

175.211.225.118:443

188.51.33.232:995

50.244.112.106:443

65.30.213.13:6882

24.37.178.158:443

47.28.131.209:443

207.255.161.8:995

Targets

- Target
  
  d0cc9a5ec35365619ffdc1fc89f1750f_JaffaCakes118
- Size
  
  1.1MB
- MD5
  
  d0cc9a5ec35365619ffdc1fc89f1750f
- SHA1
  
  3893739b1b8b0818973a417b41d2601d71a69c95
- SHA256
  
  b97710861c37a16498f15085ab4c578b2d6b83a80249530b3a33b1edaeb13618
- SHA512
  
  e1ce189b04913a0101a28d8269c6e36814223523d407b44ad86a2132c99b26572f127d335a795b6d3e583bc4179d927efc0f616be12974bcfca23f6fe28994b5
- SSDEEP
  
  6144:tUg69tR5KCcCg8nqVbkQSaPOnNxRQVwSav4dyxDYoQYJUpg1MwE4s0m+Z1Af6kI:699trKTX84bkQfUO/aQdeMo3e+k4jAC7
Score

10^/10

qakbot abc005 1600415827 banker discovery stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

qakbotabc0051600415827bankerdiscoverystealertrojan

behavioral2

qakbotabc0051600415827bankerdiscoverystealertrojan