qakbot | 507c4ca5203a7e70ab272f1df71e55e6d5b21f018fe51d2b3975e296d60cc0b5 | Triage

Sharing

General

Target

f18f62722ecab010c9e35b671c65b6a6_JaffaCakes118
Size

912KB
Sample

240922-jc1dxsyblg
MD5

f18f62722ecab010c9e35b671c65b6a6
SHA1

c48bc8ea009245c325496c547e4256efa2d76a63
SHA256

507c4ca5203a7e70ab272f1df71e55e6d5b21f018fe51d2b3975e296d60cc0b5
SHA512

bebff006ed48c08573fb3fc29ee3cbea5406b1be04bde9b54fbb2361228616b86bcc2d76a32b2f1c69cd1bff75433a2f241a883fc836dd8cdbc145be20d1b1b0
SSDEEP

6144:b3bDksaZLLP8OvtzpfzzlPFAAfwG44X0m+Z1Af61g8nKB17M1hRJd:jvksaZLwOvTzRP6Af44ajACi8Kr7M1T

Score

10^/10

qakbot abc003 1600093841 banker discovery stealer trojan

Malware Config

Extracted

Family

qakbot

Version

325.43

Botnet

abc003

Campaign

1600093841

C2

134.0.196.46:995

187.200.69.215:443

66.222.88.126:995

151.73.125.102:443

186.94.248.208:2078

71.56.53.127:443

87.65.204.240:995

63.155.74.135:995

68.184.45.73:443

82.77.105.236:2222

23.240.70.80:443

24.138.77.61:443

76.111.128.194:443

75.136.40.155:443

75.182.214.87:443

73.216.60.90:2222

148.240.52.146:443

108.185.113.12:443

216.163.4.136:443

66.215.32.224:443

Targets

- Target
  
  f18f62722ecab010c9e35b671c65b6a6_JaffaCakes118
- Size
  
  912KB
- MD5
  
  f18f62722ecab010c9e35b671c65b6a6
- SHA1
  
  c48bc8ea009245c325496c547e4256efa2d76a63
- SHA256
  
  507c4ca5203a7e70ab272f1df71e55e6d5b21f018fe51d2b3975e296d60cc0b5
- SHA512
  
  bebff006ed48c08573fb3fc29ee3cbea5406b1be04bde9b54fbb2361228616b86bcc2d76a32b2f1c69cd1bff75433a2f241a883fc836dd8cdbc145be20d1b1b0
- SSDEEP
  
  6144:b3bDksaZLLP8OvtzpfzzlPFAAfwG44X0m+Z1Af61g8nKB17M1hRJd:jvksaZLwOvTzRP6Af44ajACi8Kr7M1T
Score

10^/10

qakbot abc003 1600093841 banker discovery stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

qakbotabc0031600093841bankerdiscoverystealertrojan

behavioral2

qakbotabc0031600093841bankerdiscoverystealertrojan