qakbot | 1fefcb0f6d372c8dfb057e33288792b6220833e97df4457bbe9d41a5f4cb20f6 | Triage

Sharing

General

Target

JaffaCakes118_c6b79947484e1c4c156c550b23f8943f
Size

1.2MB
Sample

250109-na9xssyjdy
MD5

c6b79947484e1c4c156c550b23f8943f
SHA1

726449bb82b5202d7876332f3093658412a5e453
SHA256

1fefcb0f6d372c8dfb057e33288792b6220833e97df4457bbe9d41a5f4cb20f6
SHA512

d619e32dedcd7be28b7360086c3bb544066e4c5f42403bd59e8ff1a4a543a73a57af51e9541e2bbd8211cca7686b992337d0902e44e44769d19bd7626bafb094
SSDEEP

24576:rzVwOlR/8qI8ixvTDH2AVpIP97+xgbZTekDX:rzVjR/zI8ixDHzS97+xgbZTfDX

Score

10^/10

qakbot biden53 1634717752 banker discovery evasion stealer trojan

Malware Config

Extracted

Family

qakbot

Version

402.363

Botnet

biden53

Campaign

1634717752

C2

103.142.10.177:443

24.152.219.253:995

181.118.183.94:443

129.208.147.188:995

24.119.214.7:443

38.70.253.226:2222

103.143.8.71:443

77.57.204.78:443

65.100.174.110:995

220.255.25.28:2222

91.178.126.51:995

37.210.155.239:995

81.241.252.59:2078

93.48.58.123:2222

65.100.174.110:443

76.25.142.196:443

24.231.209.2:2222

140.82.49.12:443

146.66.238.74:443

39.49.4.147:995

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  JaffaCakes118_c6b79947484e1c4c156c550b23f8943f
- Size
  
  1.2MB
- MD5
  
  c6b79947484e1c4c156c550b23f8943f
- SHA1
  
  726449bb82b5202d7876332f3093658412a5e453
- SHA256
  
  1fefcb0f6d372c8dfb057e33288792b6220833e97df4457bbe9d41a5f4cb20f6
- SHA512
  
  d619e32dedcd7be28b7360086c3bb544066e4c5f42403bd59e8ff1a4a543a73a57af51e9541e2bbd8211cca7686b992337d0902e44e44769d19bd7626bafb094
- SSDEEP
  
  24576:rzVwOlR/8qI8ixvTDH2AVpIP97+xgbZTekDX:rzVjR/zI8ixDHzS97+xgbZTfDX
Score

10^/10

qakbot biden53 1634717752 banker discovery evasion stealer trojan
- Qakbot family
  qakbot
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Windows security bypass
  evasion trojan
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

qakbotbiden531634717752bankerdiscoveryevasionstealertrojan

behavioral2

qakbotbiden531634717752bankerdiscoveryevasionstealertrojan