qakbot | 1a87b081250e0711d4a92c9dd271accdfcb58052cca6aa23f3fa16d0f48cfe05 | Triage

Sharing

General

Target

JaffaCakes118_558c04ad5a274f9003c4bcbb32265e92
Size

890KB
Sample

250107-jbfm5a1jbs
MD5

558c04ad5a274f9003c4bcbb32265e92
SHA1

842bca681ab760700cdbc94db50ac654adde6b1d
SHA256

1a87b081250e0711d4a92c9dd271accdfcb58052cca6aa23f3fa16d0f48cfe05
SHA512

976c868e0b8c9d781092bbba8cbec22e329f14d92fc66315a3e2e00ab1247345e26a903fdb92ac666300869b8ad113b0b750454b34a2d743f4da8c0c8574d168
SSDEEP

24576:uvmCkd3miQH9ZfSCFEzouViMKvb/o2ggJcWWeQRqg:uvmf3m1jSCFQKvjjXJcD9qg

Score

10^/10

qakbot biden54 1634810637 banker discovery evasion stealer trojan

Malware Config

Extracted

Family

qakbot

Version

402.363

Botnet

biden54

Campaign

1634810637

C2

136.143.11.232:443

63.143.92.99:995

182.176.180.73:443

136.232.34.70:443

123.252.190.14:443

216.201.162.158:443

37.208.181.198:61200

140.82.49.12:443

197.89.144.102:443

89.137.52.44:443

109.12.111.14:443

78.191.24.189:995

105.198.236.99:995

196.207.140.40:995

41.235.69.115:443

2.222.167.138:443

117.198.156.56:443

24.231.209.2:6881

27.223.92.142:995

96.246.158.154:995

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  JaffaCakes118_558c04ad5a274f9003c4bcbb32265e92
- Size
  
  890KB
- MD5
  
  558c04ad5a274f9003c4bcbb32265e92
- SHA1
  
  842bca681ab760700cdbc94db50ac654adde6b1d
- SHA256
  
  1a87b081250e0711d4a92c9dd271accdfcb58052cca6aa23f3fa16d0f48cfe05
- SHA512
  
  976c868e0b8c9d781092bbba8cbec22e329f14d92fc66315a3e2e00ab1247345e26a903fdb92ac666300869b8ad113b0b750454b34a2d743f4da8c0c8574d168
- SSDEEP
  
  24576:uvmCkd3miQH9ZfSCFEzouViMKvb/o2ggJcWWeQRqg:uvmf3m1jSCFQKvjjXJcD9qg
Score

10^/10

qakbot biden54 1634810637 banker discovery evasion stealer trojan
- Qakbot family
  qakbot
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Windows security bypass
  evasion trojan
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

qakbotbiden541634810637bankerdiscoveryevasionstealertrojan

behavioral2

qakbotbiden541634810637bankerdiscoveryevasionstealertrojan