qakbot | 0def0284732d41ec83ce66364d566b6aa3d914d5e0d7c4dff68eae15df5d557b | Triage

Sharing

General

Target

JaffaCakes118_fce20c78174b38ef7491e97461efce9e
Size

689KB
Sample

250111-k1m9yatnhz
MD5

fce20c78174b38ef7491e97461efce9e
SHA1

594a74c8197228ac25eafd058ade9ec40533aad7
SHA256

0def0284732d41ec83ce66364d566b6aa3d914d5e0d7c4dff68eae15df5d557b
SHA512

84a1bcfad2fbac58d733cb43945309921e89272ea47030d9e9cc9b17813279e26e0410e65296065e3f825de3a47b7486cf65e07e62dfd1ccd63cede744b83833
SSDEEP

12288:BrI0bPKn8p/S0jXgfFWVkMXl2xAgwFX2ddG83tNzZ0XssC82H6/vLyWMAy:pI0bP1XWMXsAZX6JcTLdMN

Score

10^/10

qakbot obama117 1634545803 banker discovery evasion stealer trojan

Malware Config

Extracted

Family

qakbot

Version

402.363

Botnet

obama117

Campaign

1634545803

C2

176.45.53.222:443

220.255.25.28:2222

91.178.126.51:995

2.222.167.138:443

65.100.174.110:995

105.198.236.99:995

115.96.64.9:995

196.207.140.40:995

24.231.209.2:2222

146.66.238.74:443

103.82.211.39:995

65.100.174.110:443

103.142.10.177:443

140.82.49.12:443

78.105.213.151:995

41.86.42.158:995

89.101.97.139:443

120.150.218.241:995

24.119.214.7:443

103.143.8.71:443

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  JaffaCakes118_fce20c78174b38ef7491e97461efce9e
- Size
  
  689KB
- MD5
  
  fce20c78174b38ef7491e97461efce9e
- SHA1
  
  594a74c8197228ac25eafd058ade9ec40533aad7
- SHA256
  
  0def0284732d41ec83ce66364d566b6aa3d914d5e0d7c4dff68eae15df5d557b
- SHA512
  
  84a1bcfad2fbac58d733cb43945309921e89272ea47030d9e9cc9b17813279e26e0410e65296065e3f825de3a47b7486cf65e07e62dfd1ccd63cede744b83833
- SSDEEP
  
  12288:BrI0bPKn8p/S0jXgfFWVkMXl2xAgwFX2ddG83tNzZ0XssC82H6/vLyWMAy:pI0bP1XWMXsAZX6JcTLdMN
Score

10^/10

qakbot obama117 1634545803 banker discovery evasion stealer trojan
- Qakbot family
  qakbot
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Windows security bypass
  evasion trojan
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

qakbotobama1171634545803bankerdiscoveryevasionstealertrojan

behavioral2

qakbotobama1171634545803bankerdiscoveryevasionstealertrojan