qakbot | e709bd31b9d0f340605499771a33521a09ba3f9b17d19706ecb7748fea93dae5 | Triage

Sharing

General

Target

JaffaCakes118_c12d474142ae599f4b7d3c3decca27c0
Size

512KB
Sample

250109-g7pjsstpem
MD5

c12d474142ae599f4b7d3c3decca27c0
SHA1

86326c7cae713774ddf65a90be20a49a86c0a11d
SHA256

e709bd31b9d0f340605499771a33521a09ba3f9b17d19706ecb7748fea93dae5
SHA512

0b4cdf6986fe985d5a9260760e398694315d45b86a33693c851f357a59083c100cc5b88c62e05cf29159b467bef3dc47aa39230cadf79cf62aa7b515b2ec58e3
SSDEEP

6144:bHEeraRbpt5e3JVAfqX+2Rr+nxQDBO03yDLC:rEk6z5mvAfLf0

Score

10^/10

qakbot star01 1634935795 banker discovery evasion stealer trojan

Malware Config

Extracted

Family

qakbot

Version

402.363

Botnet

star01

Campaign

1634935795

C2

45.9.20.200:443

96.246.158.154:995

67.165.206.193:993

207.246.112.221:443

37.208.181.198:61202

77.255.12.88:443

79.160.207.214:443

216.201.162.158:443

185.53.147.51:443

187.250.109.250:443

173.21.10.71:2222

108.4.67.252:443

93.175.84.127:443

84.117.135.69:443

87.64.241.207:995

207.246.112.221:995

188.50.34.167:995

73.25.109.183:2222

213.177.130.71:443

176.63.117.1:443

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  JaffaCakes118_c12d474142ae599f4b7d3c3decca27c0
- Size
  
  512KB
- MD5
  
  c12d474142ae599f4b7d3c3decca27c0
- SHA1
  
  86326c7cae713774ddf65a90be20a49a86c0a11d
- SHA256
  
  e709bd31b9d0f340605499771a33521a09ba3f9b17d19706ecb7748fea93dae5
- SHA512
  
  0b4cdf6986fe985d5a9260760e398694315d45b86a33693c851f357a59083c100cc5b88c62e05cf29159b467bef3dc47aa39230cadf79cf62aa7b515b2ec58e3
- SSDEEP
  
  6144:bHEeraRbpt5e3JVAfqX+2Rr+nxQDBO03yDLC:rEk6z5mvAfLf0
Score

10^/10

qakbot star01 1634935795 banker discovery evasion stealer trojan
- Qakbot family
  qakbot
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Windows security bypass
  evasion trojan
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

qakbotstar011634935795bankerdiscoveryevasionstealertrojan

behavioral2

qakbotstar011634935795bankerdiscoveryevasionstealertrojan