qakbot | df883ad9d0144b24448da884be2714b2f9193bc87c019a0e025e23996d00cbac | Triage

Sharing

General

Target

82c3c48b0a6f83f622c60ef35b2f6238_JaffaCakes118
Size

708KB
Sample

241031-m499zsyjgq
MD5

82c3c48b0a6f83f622c60ef35b2f6238
SHA1

43590bfbb0f336fdf17499c33f4619f8eb50efbe
SHA256

df883ad9d0144b24448da884be2714b2f9193bc87c019a0e025e23996d00cbac
SHA512

128c49a922f559cd4031e26e5bc973a923fbfa488cbafb4fd1ad6c312c0c404e0d06b368f9355b3fd4fe2ef3bc3547bf5359f1e22d958f1b6be0b479a2cc4da6
SSDEEP

12288:fsbAcis08s7gQFMWC24/MFS+AWmdnWJIjJ5F3+DpEFs3H6v/+FoTN:fODis0dFA24/MFSptIJKnx+NE23a3+FS

Score

10^/10

qakbot obama106 1632905607 banker discovery evasion stealer trojan

Malware Config

Extracted

Family

qakbot

Version

402.363

Botnet

obama106

Campaign

1632905607

C2

37.210.152.224:995

120.151.47.189:443

105.198.236.99:443

122.11.220.212:2222

199.27.127.129:443

41.251.41.14:995

216.201.162.158:443

124.123.42.115:2078

181.118.183.94:443

120.150.218.241:995

185.250.148.74:443

217.17.56.163:443

182.181.78.18:995

140.82.49.12:443

105.159.144.186:995

89.101.97.139:443

217.17.56.163:0

27.223.92.142:995

95.77.223.148:443

109.190.253.11:2222

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  82c3c48b0a6f83f622c60ef35b2f6238_JaffaCakes118
- Size
  
  708KB
- MD5
  
  82c3c48b0a6f83f622c60ef35b2f6238
- SHA1
  
  43590bfbb0f336fdf17499c33f4619f8eb50efbe
- SHA256
  
  df883ad9d0144b24448da884be2714b2f9193bc87c019a0e025e23996d00cbac
- SHA512
  
  128c49a922f559cd4031e26e5bc973a923fbfa488cbafb4fd1ad6c312c0c404e0d06b368f9355b3fd4fe2ef3bc3547bf5359f1e22d958f1b6be0b479a2cc4da6
- SSDEEP
  
  12288:fsbAcis08s7gQFMWC24/MFS+AWmdnWJIjJ5F3+DpEFs3H6v/+FoTN:fODis0dFA24/MFSptIJKnx+NE23a3+FS
Score

10^/10

qakbot obama106 1632905607 banker discovery evasion stealer trojan
- Qakbot family
  qakbot
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Windows security bypass
  evasion trojan
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

qakbotobama1061632905607bankerdiscoveryevasionstealertrojan

behavioral2

qakbotobama1061632905607bankerdiscoveryevasionstealertrojan