qakbot | e53225b0bc4289135057d05fcbd0aaf79e5a25cf842e8dfd7f1dcaf60f154296 | Triage

Sharing

General

Target

e66882f22b810a54b4ba736b788a80f6_JaffaCakes118
Size

1.1MB
Sample

240917-j7qg7staqk
MD5

e66882f22b810a54b4ba736b788a80f6
SHA1

7d3162c4808c2dfec6fc9e4aaf2ec13669a99eba
SHA256

e53225b0bc4289135057d05fcbd0aaf79e5a25cf842e8dfd7f1dcaf60f154296
SHA512

d954bf093048f8e1e644e690b5692b9c12047d8324f5880057756e04c97c1a0b6ae90386902168111970d387426892526cd5272afb87fe405b4c97ea7e9e092a
SSDEEP

6144:CUg69tR5KCcCg8nqVbkQSaPOnNxRQVwSav4dyxDYoQYJUpg1MwE4s0m+Z1Af6kX:999trKTX84bkQfUO/aQdeMo3e+k4jACA

Score

10^/10

qakbot abc005 1600415827 banker discovery stealer trojan

Malware Config

Extracted

Family

qakbot

Version

325.43

Botnet

abc005

Campaign

1600415827

C2

50.244.112.10:995

207.237.1.152:443

184.97.148.2:443

207.255.161.8:993

69.167.206.238:50001

72.36.59.46:2222

173.26.189.151:443

2.50.59.177:443

217.162.149.212:443

199.247.22.145:443

203.106.195.67:443

109.154.214.224:2222

117.199.14.31:443

175.211.225.118:443

188.51.33.232:995

50.244.112.106:443

65.30.213.13:6882

24.37.178.158:443

47.28.131.209:443

207.255.161.8:995

Targets

- Target
  
  e66882f22b810a54b4ba736b788a80f6_JaffaCakes118
- Size
  
  1.1MB
- MD5
  
  e66882f22b810a54b4ba736b788a80f6
- SHA1
  
  7d3162c4808c2dfec6fc9e4aaf2ec13669a99eba
- SHA256
  
  e53225b0bc4289135057d05fcbd0aaf79e5a25cf842e8dfd7f1dcaf60f154296
- SHA512
  
  d954bf093048f8e1e644e690b5692b9c12047d8324f5880057756e04c97c1a0b6ae90386902168111970d387426892526cd5272afb87fe405b4c97ea7e9e092a
- SSDEEP
  
  6144:CUg69tR5KCcCg8nqVbkQSaPOnNxRQVwSav4dyxDYoQYJUpg1MwE4s0m+Z1Af6kX:999trKTX84bkQfUO/aQdeMo3e+k4jACA
Score

10^/10

qakbot abc005 1600415827 banker discovery stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

qakbotabc0051600415827bankerdiscoverystealertrojan

behavioral2

qakbotabc0051600415827bankerdiscoverystealertrojan