qakbot | dec2d24131b54bda92b59c49acc410da4af20a730b3113c0472479ac168e3a81 | Triage

Sharing

General

Target

1f3d6a8c5039fac659dc2e85689c4be2_JaffaCakes118
Size

5.7MB
Sample

240507-dmgrnsad35
MD5

1f3d6a8c5039fac659dc2e85689c4be2
SHA1

52c376d905d39ce60ba5be1e34618fae4bcb3202
SHA256

dec2d24131b54bda92b59c49acc410da4af20a730b3113c0472479ac168e3a81
SHA512

2124ba3f01c98b09600cb6e8de31ead96c4a3a2a99e95c1236d13071c64f00031901167235a051cff6aa225a27fa28a7b0cda91dd8e70b07f8d64ae2122da175
SSDEEP

12288:o2h3Hz9He6FOvIb4Y38Vq6WoYQqLWtVTn:hHJNFCYh8I6WoYJLEVz

Score

10^/10

qakbot partner01 1597332272 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Version

325.43

Botnet

partner01

Campaign

1597332272

C2

72.28.255.159:995

197.210.96.222:995

71.192.44.92:443

189.183.72.138:995

68.33.206.204:443

49.191.3.234:443

71.56.53.127:443

80.14.209.42:2222

24.139.132.70:443

76.187.12.181:443

89.137.211.239:443

216.201.162.158:443

151.73.112.220:443

92.59.35.196:2222

189.140.55.226:443

201.216.216.245:443

50.244.112.10:995

108.28.179.42:995

108.27.217.44:443

72.185.47.86:995

Targets

- Target
  
  1f3d6a8c5039fac659dc2e85689c4be2_JaffaCakes118
- Size
  
  5.7MB
- MD5
  
  1f3d6a8c5039fac659dc2e85689c4be2
- SHA1
  
  52c376d905d39ce60ba5be1e34618fae4bcb3202
- SHA256
  
  dec2d24131b54bda92b59c49acc410da4af20a730b3113c0472479ac168e3a81
- SHA512
  
  2124ba3f01c98b09600cb6e8de31ead96c4a3a2a99e95c1236d13071c64f00031901167235a051cff6aa225a27fa28a7b0cda91dd8e70b07f8d64ae2122da175
- SSDEEP
  
  12288:o2h3Hz9He6FOvIb4Y38Vq6WoYQqLWtVTn:hHJNFCYh8I6WoYJLEVz
Score

10^/10

qakbot partner01 1597332272 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

qakbotpartner011597332272bankerstealertrojan

behavioral2

qakbotpartner011597332272bankerstealertrojan