qakbot | 91c6667107dd9a39df5f2547ae0a0eafee8b0c1214286103df81aec0b75eb9e3 | Triage

Sharing

General

Target

f206d59c2c6a46adf7022dc11e76f23f_JaffaCakes118
Size

221KB
Sample

240922-pqfjkazckq
MD5

f206d59c2c6a46adf7022dc11e76f23f
SHA1

ee79de19002f58a6a5469cdaef0885ac60e8017b
SHA256

91c6667107dd9a39df5f2547ae0a0eafee8b0c1214286103df81aec0b75eb9e3
SHA512

65118ec7d1ff39776810137b8fc68688dc524f2759688a2aa702be9e9c6e9bb01698801323afc6e7b5c522ee65e92441e8671db4cc6f6bc0be4cfa47f46032c7
SSDEEP

3072:+bfttg0spr28HIM0jLIyPm13vFjdaW9SNZyeNGdrBW/BXH6sVXqPKlTXYGbf8KFR:4fb0rHT6Vm1fuZTiIVH2KlTXYENQ

Score

10^/10

qakbot spx82 1584449336 banker discovery stealer trojan

Malware Config

Extracted

Family

qakbot

Version

324.65

Botnet

spx82

Campaign

1584449336

C2

98.213.28.175:443

72.209.191.27:443

100.37.33.10:443

70.62.160.186:6883

104.152.16.45:995

68.174.15.223:443

24.99.180.247:443

72.218.167.183:995

71.77.252.14:2222

104.34.122.18:443

176.205.145.81:995

73.163.242.114:443

73.214.231.2:443

83.66.111.85:443

35.142.24.147:2222

67.250.184.157:443

41.228.55.118:443

65.131.79.162:995

137.99.224.198:443

100.33.132.135:443

Targets

- Target
  
  f206d59c2c6a46adf7022dc11e76f23f_JaffaCakes118
- Size
  
  221KB
- MD5
  
  f206d59c2c6a46adf7022dc11e76f23f
- SHA1
  
  ee79de19002f58a6a5469cdaef0885ac60e8017b
- SHA256
  
  91c6667107dd9a39df5f2547ae0a0eafee8b0c1214286103df81aec0b75eb9e3
- SHA512
  
  65118ec7d1ff39776810137b8fc68688dc524f2759688a2aa702be9e9c6e9bb01698801323afc6e7b5c522ee65e92441e8671db4cc6f6bc0be4cfa47f46032c7
- SSDEEP
  
  3072:+bfttg0spr28HIM0jLIyPm13vFjdaW9SNZyeNGdrBW/BXH6sVXqPKlTXYGbf8KFR:4fb0rHT6Vm1fuZTiIVH2KlTXYENQ
Score

10^/10

qakbot banker discovery stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

spx821584449336qakbot

behavioral1

qakbotbankerdiscoverystealertrojan

behavioral2

qakbotbankerdiscoverystealertrojan