qakbot | 19acb39965e3d17739451f2e53c608aa31ee4fc4c1223084ab02b9e589ddb958 | Triage

Sharing

General

Target

JaffaCakes118_47fbf018b127558603c18684a5519e61
Size

572KB
Sample

250107-cs71da1qdp
MD5

47fbf018b127558603c18684a5519e61
SHA1

36206838e47bdbabb6123fc643188b8475c8ed8f
SHA256

19acb39965e3d17739451f2e53c608aa31ee4fc4c1223084ab02b9e589ddb958
SHA512

50c24c1a419768bbb99b44b80a84bada2f7e952b087fbe07dd1529720a912cc34749a36d61e0ab63624d19cc8836ded8eb46a75f12a66721b10afe74b45dd73d
SSDEEP

6144:VJVAfqX+2Rr+nxQDBO03fHEera3bpt5eHd:VvAfLfaEkAz5S

Score

10^/10

qakbot obama114 1634112211 banker discovery evasion stealer trojan

Malware Config

Extracted

Family

qakbot

Version

402.363

Botnet

obama114

Campaign

1634112211

C2

111.125.245.116:443

124.123.42.115:2222

103.250.38.115:443

68.117.229.117:443

189.252.166.130:32101

89.137.52.44:443

208.78.220.143:443

77.31.162.93:443

83.110.201.195:443

94.200.181.154:443

103.82.211.39:995

216.201.162.158:443

78.179.137.102:995

24.231.209.2:2222

63.143.92.99:995

140.82.49.12:443

73.230.205.91:443

41.86.42.158:995

220.255.25.28:2222

200.232.214.222:995

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  JaffaCakes118_47fbf018b127558603c18684a5519e61
- Size
  
  572KB
- MD5
  
  47fbf018b127558603c18684a5519e61
- SHA1
  
  36206838e47bdbabb6123fc643188b8475c8ed8f
- SHA256
  
  19acb39965e3d17739451f2e53c608aa31ee4fc4c1223084ab02b9e589ddb958
- SHA512
  
  50c24c1a419768bbb99b44b80a84bada2f7e952b087fbe07dd1529720a912cc34749a36d61e0ab63624d19cc8836ded8eb46a75f12a66721b10afe74b45dd73d
- SSDEEP
  
  6144:VJVAfqX+2Rr+nxQDBO03fHEera3bpt5eHd:VvAfLfaEkAz5S
Score

10^/10

qakbot obama114 1634112211 banker discovery evasion stealer trojan
- Qakbot family
  qakbot
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Windows security bypass
  evasion trojan
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

qakbotobama1141634112211bankerdiscoveryevasionstealertrojan

behavioral2

qakbotobama1141634112211bankerdiscoveryevasionstealertrojan