qakbot | 1da20fc8fb18e13218f32278bc11e5e891d44b6e67be2d6b8e36b55dd7e31d31 | Triage

Sharing

General

Target

fd20ec7c5643ccb9d17a8fb62601cfa6_JaffaCakes118
Size

407KB
Sample

240928-zq94aawckl
MD5

fd20ec7c5643ccb9d17a8fb62601cfa6
SHA1

c03d477c2c12815ff3b7f49be8c3c12552ab243a
SHA256

1da20fc8fb18e13218f32278bc11e5e891d44b6e67be2d6b8e36b55dd7e31d31
SHA512

b9df7e880ab5dc561bcf1a69cd723be9104a5fc1fffdc9ddabbd55947534342fa784bc23ac9818e2e422fe806006f99d3800056b539158e69f2a06ad730c13e7
SSDEEP

6144:PyPKmlEwrPmRPWEpWFn2E6lyDntvhhOU35RJEesNT3wU7HuAm8:PTwr03pdf8vhhOKJET5By8

Score

10^/10

qakbot obama05 1613729859 banker discovery stealer trojan

Malware Config

Extracted

Family

qakbot

Version

401.138

Botnet

obama05

Campaign

1613729859

C2

86.160.137.132:443

172.87.157.235:3389

106.51.85.162:443

108.31.15.10:995

38.92.225.121:443

173.184.119.153:995

81.150.181.168:2222

71.187.170.235:443

188.25.63.105:443

71.117.132.169:443

193.248.221.184:2222

85.52.72.32:2222

87.202.87.210:2222

78.185.59.190:443

2.7.116.188:2222

81.97.154.100:443

24.50.118.93:443

98.121.187.78:443

108.29.32.251:443

24.152.219.253:995

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  fd20ec7c5643ccb9d17a8fb62601cfa6_JaffaCakes118
- Size
  
  407KB
- MD5
  
  fd20ec7c5643ccb9d17a8fb62601cfa6
- SHA1
  
  c03d477c2c12815ff3b7f49be8c3c12552ab243a
- SHA256
  
  1da20fc8fb18e13218f32278bc11e5e891d44b6e67be2d6b8e36b55dd7e31d31
- SHA512
  
  b9df7e880ab5dc561bcf1a69cd723be9104a5fc1fffdc9ddabbd55947534342fa784bc23ac9818e2e422fe806006f99d3800056b539158e69f2a06ad730c13e7
- SSDEEP
  
  6144:PyPKmlEwrPmRPWEpWFn2E6lyDntvhhOU35RJEesNT3wU7HuAm8:PTwr03pdf8vhhOKJET5By8
Score

10^/10

qakbot obama05 1613729859 banker discovery stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

qakbotobama051613729859bankerdiscoverystealertrojan

behavioral2

qakbotobama051613729859bankerdiscoverystealertrojan