qakbot | 2aad9e0e7e2d6abee588ed2c6a8dd54e33f8fcbc186a3051404ac6f9a76b4a58 | Triage

Sharing

General

Target

d6aed3332f341ef13d01f86e63ea239c_JaffaCakes118
Size

4.0MB
Sample

240909-ttq7paxglq
MD5

d6aed3332f341ef13d01f86e63ea239c
SHA1

a845c11e930902dad37a48f10a78696a1e51437d
SHA256

2aad9e0e7e2d6abee588ed2c6a8dd54e33f8fcbc186a3051404ac6f9a76b4a58
SHA512

5ce981411ad77fdcb86a933a1e35e72286412c29d50c46e3519f59a2fd32cbb518e1cd6e47177fa0241f36dc00d19b61801a6540e7ed4e1bd09c2cdbcf575403
SSDEEP

6144:M1grY0tn9cY1pZHiCKuZqncFL68UlyCSLo3fL:M5NCkgqcFL64H0D

Score

10^/10

qakbot abc010 1601379374 banker discovery stealer trojan

Malware Config

Extracted

Family

qakbot

Version

325.43

Botnet

abc010

Campaign

1601379374

C2

24.104.222.81:443

108.190.151.108:2222

71.74.12.34:443

93.177.144.236:443

191.84.15.181:443

82.210.157.185:443

75.137.239.211:443

141.158.47.123:443

108.49.221.180:443

189.183.74.198:995

74.195.88.59:995

95.77.144.238:443

103.206.112.234:443

100.1.39.62:443

24.27.82.216:2222

80.240.26.178:443

50.244.112.106:443

5.15.90.159:2222

89.42.142.35:443

24.201.79.208:2078

Targets

- Target
  
  d6aed3332f341ef13d01f86e63ea239c_JaffaCakes118
- Size
  
  4.0MB
- MD5
  
  d6aed3332f341ef13d01f86e63ea239c
- SHA1
  
  a845c11e930902dad37a48f10a78696a1e51437d
- SHA256
  
  2aad9e0e7e2d6abee588ed2c6a8dd54e33f8fcbc186a3051404ac6f9a76b4a58
- SHA512
  
  5ce981411ad77fdcb86a933a1e35e72286412c29d50c46e3519f59a2fd32cbb518e1cd6e47177fa0241f36dc00d19b61801a6540e7ed4e1bd09c2cdbcf575403
- SSDEEP
  
  6144:M1grY0tn9cY1pZHiCKuZqncFL68UlyCSLo3fL:M5NCkgqcFL64H0D
Score

10^/10

qakbot abc010 1601379374 banker discovery stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

qakbotabc0101601379374bankerdiscoverystealertrojan

behavioral2

qakbotabc0101601379374bankerdiscoverystealertrojan