qakbot | efa5e46131a9f87b24d67235a3bab0ea00bc6870f580a4d0da103252d4707eee | Triage

Sharing

General

Target

e205b71ba88af817576a44c69fa19344_JaffaCakes118
Size

4.0MB
Sample

240915-jrsmmatdmp
MD5

e205b71ba88af817576a44c69fa19344
SHA1

1367928771225ee2d062bdbb2d6956dafab35baa
SHA256

efa5e46131a9f87b24d67235a3bab0ea00bc6870f580a4d0da103252d4707eee
SHA512

3c88cbbd29d21354c1c3930d183512741b36310378053199ae9e7f63cb6688a500ae3e691c693eed03ea0744b3cf4be80881e83f2da6a3a76780852cb32f3789
SSDEEP

6144:1Id1grY0tn9cV1pZzcF0t+gydsdHWflS9klcRfw63wTcQgE:1Id5N7zHV762RIh

Score

10^/10

qakbot abc012 1601625483 banker discovery stealer trojan

Malware Config

Extracted

Family

qakbot

Version

325.43

Botnet

abc012

Campaign

1601625483

C2

207.255.161.8:993

103.206.112.234:443

94.49.70.137:995

98.26.50.62:995

98.38.47.1:443

78.97.110.47:443

24.43.22.220:993

46.209.102.43:995

69.11.247.242:443

66.208.105.6:443

199.247.22.145:443

217.162.149.212:443

45.32.155.12:443

5.12.218.57:2222

190.85.91.154:443

103.76.160.110:443

77.27.174.49:995

172.78.30.215:443

71.187.170.235:443

89.42.142.35:443

Targets

- Target
  
  e205b71ba88af817576a44c69fa19344_JaffaCakes118
- Size
  
  4.0MB
- MD5
  
  e205b71ba88af817576a44c69fa19344
- SHA1
  
  1367928771225ee2d062bdbb2d6956dafab35baa
- SHA256
  
  efa5e46131a9f87b24d67235a3bab0ea00bc6870f580a4d0da103252d4707eee
- SHA512
  
  3c88cbbd29d21354c1c3930d183512741b36310378053199ae9e7f63cb6688a500ae3e691c693eed03ea0744b3cf4be80881e83f2da6a3a76780852cb32f3789
- SSDEEP
  
  6144:1Id1grY0tn9cV1pZzcF0t+gydsdHWflS9klcRfw63wTcQgE:1Id5N7zHV762RIh
Score

10^/10

qakbot abc012 1601625483 banker discovery stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

qakbotabc0121601625483bankerdiscoverystealertrojan

behavioral2

qakbotabc0121601625483bankerdiscoverystealertrojan