qakbot | c3cba8b38b1c9d930d6352803848798e6e9b8ef37e52523b97d5b94dd52fc732 | Triage

Sharing

General

Target

d5134f77ca508e33eace820c4877e6c0_JaffaCakes118
Size

918KB
Sample

240908-zmt8naxcjf
MD5

d5134f77ca508e33eace820c4877e6c0
SHA1

95f1d5ee8c95b24ffb62d61d597ac1e1c5e44b31
SHA256

c3cba8b38b1c9d930d6352803848798e6e9b8ef37e52523b97d5b94dd52fc732
SHA512

c161ecd58dcab38a338e548ca04d3c9bb959c6b235edb2bb08caec87bfdd292bd7e667e7f3679388147ba08c4233456f40c8083581daff26758ce5872f24850d
SSDEEP

6144:x3bDksaZLLP8OvtzpfzzlPFAAfwG44X0m+Z1Af61g8nKB17M1hRJZ:VvksaZLwOvTzRP6Af44ajACi8Kr7M1j

Score

10^/10

qakbot abc003 1600093841 banker discovery stealer trojan

Malware Config

Extracted

Family

qakbot

Version

325.43

Botnet

abc003

Campaign

1600093841

C2

134.0.196.46:995

187.200.69.215:443

66.222.88.126:995

151.73.125.102:443

186.94.248.208:2078

71.56.53.127:443

87.65.204.240:995

63.155.74.135:995

68.184.45.73:443

82.77.105.236:2222

23.240.70.80:443

24.138.77.61:443

76.111.128.194:443

75.136.40.155:443

75.182.214.87:443

73.216.60.90:2222

148.240.52.146:443

108.185.113.12:443

216.163.4.136:443

66.215.32.224:443

Targets

- Target
  
  d5134f77ca508e33eace820c4877e6c0_JaffaCakes118
- Size
  
  918KB
- MD5
  
  d5134f77ca508e33eace820c4877e6c0
- SHA1
  
  95f1d5ee8c95b24ffb62d61d597ac1e1c5e44b31
- SHA256
  
  c3cba8b38b1c9d930d6352803848798e6e9b8ef37e52523b97d5b94dd52fc732
- SHA512
  
  c161ecd58dcab38a338e548ca04d3c9bb959c6b235edb2bb08caec87bfdd292bd7e667e7f3679388147ba08c4233456f40c8083581daff26758ce5872f24850d
- SSDEEP
  
  6144:x3bDksaZLLP8OvtzpfzzlPFAAfwG44X0m+Z1Af61g8nKB17M1hRJZ:VvksaZLwOvTzRP6Af44ajACi8Kr7M1j
Score

10^/10

qakbot abc003 1600093841 banker discovery stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

qakbotabc0031600093841bankerdiscoverystealertrojan

behavioral2

qakbotabc0031600093841bankerdiscoverystealertrojan