5386029212401664.zip

General

Target: 5386029212401664.zip
Size: 306KB
Sample: 210204-den6s5pra2
Score: 10/10
MD5: 9f8a79e9dddc6b07dccba8a13549fd98
SHA1: 6b36ad985f10ea32ec293cef2dfbf3f4d1e568b8
SHA256: fc5687972d457716b560a91f67fc93243e1776f01a606eeafba88ed2d36b1924
SHA512: 9dcc73ad56b81b2537658cb7ffa70ee3cc2b99d4d961a1858cf7bb26b7656a9a1fdeb01c214c9133aeed5eb6052ba03099faf87cfcf08e08937bbc40ad8119c7

Malware Config

Extracted

Family: qakbot
Botnet: abc117
Campaign: 1608747966 (Qakbot stores the bot's build time as a Unix timestamp here: 2020-12-23 18:26:06 UTC)
C2 (host:port, 50 entries; 45.77.115.208 appears on two ports):

67.6.54.180:443

187.250.170.34:995

67.141.11.98:443

109.154.79.222:2222

2.88.184.160:443

85.52.72.32:2222

86.98.21.234:443

73.166.10.38:50003

90.61.30.155:2222

71.182.142.63:443

178.223.22.192:995

184.189.122.72:443

181.39.236.199:443

72.240.200.181:2222

154.238.45.174:995

47.22.148.6:443

2.51.251.47:995

199.19.117.131:443

200.76.215.87:443

37.104.39.32:995

14.137.64.132:995

70.126.76.75:443

5.194.151.240:2222

83.202.68.220:2222

189.251.67.57:995

197.161.154.132:443

120.150.218.241:995

75.136.40.155:443

151.205.102.42:443

41.39.134.183:443

187.213.80.185:995

82.12.157.95:995

77.136.21.144:995

47.40.78.73:443

173.18.126.193:2222

51.9.198.164:2222

94.26.114.54:443

197.45.110.165:995

184.90.50.79:995

77.30.61.241:995

47.134.138.15:443

196.151.252.84:443

23.236.12.55:443

81.88.254.62:443

105.198.236.99:443

78.97.248.88:443

188.25.61.41:443

45.77.115.208:443

45.77.115.208:2222

45.32.211.207:995
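
The fields above are what a responder actually works with, so here is an added example (my own code, not part of the sandbox report) that takes the extracted config exactly as listed and turns it into checkable IOCs: it decodes the campaign ID, which Qakbot sets to the bot's Unix build timestamp, validates and deduplicates the C2 endpoints, buckets them by port, and emits one Suricata rule per endpoint. BOTNET, CAMPAIGN_ID, the C2 list and the two SHA256 values are copied from the report; the SID range, the rule wording and the `iocs()` row layout are my own choices.

```python
"""Work the extracted Qakbot config from this report into checkable IOCs.

Added example; not part of the sandbox report. BOTNET, CAMPAIGN_ID, the C2
endpoints and the two SHA256 values are copied from the report. The rule
SIDs, the Suricata rule wording and the iocs() row layout are my own.
"""
from __future__ import annotations

import ipaddress
from collections import Counter
from datetime import datetime, timezone

BOTNET = "abc117"
CAMPAIGN_ID = 1608747966  # Qakbot stores the bot's build time (Unix epoch) here
ARCHIVE_SHA256 = "fc5687972d457716b560a91f67fc93243e1776f01a606eeafba88ed2d36b1924"
TARGET_SHA256 = "ca07735d51005cb63d1a5b6c213f6016e1d0fca26addbe8591f8acbf4147d777"

# All 50 host:port pairs from the report, in report order, whitespace-separated.
C2_RAW = """
67.6.54.180:443 187.250.170.34:995 67.141.11.98:443 109.154.79.222:2222 2.88.184.160:443
85.52.72.32:2222 86.98.21.234:443 73.166.10.38:50003 90.61.30.155:2222 71.182.142.63:443
178.223.22.192:995 184.189.122.72:443 181.39.236.199:443 72.240.200.181:2222 154.238.45.174:995
47.22.148.6:443 2.51.251.47:995 199.19.117.131:443 200.76.215.87:443 37.104.39.32:995
14.137.64.132:995 70.126.76.75:443 5.194.151.240:2222 83.202.68.220:2222 189.251.67.57:995
197.161.154.132:443 120.150.218.241:995 75.136.40.155:443 151.205.102.42:443 41.39.134.183:443
187.213.80.185:995 82.12.157.95:995 77.136.21.144:995 47.40.78.73:443 173.18.126.193:2222
51.9.198.164:2222 94.26.114.54:443 197.45.110.165:995 184.90.50.79:995 77.30.61.241:995
47.134.138.15:443 196.151.252.84:443 23.236.12.55:443 81.88.254.62:443 105.198.236.99:443
78.97.248.88:443 188.25.61.41:443 45.77.115.208:443 45.77.115.208:2222 45.32.211.207:995
"""


def campaign_build_time(campaign_id: int) -> datetime:
    """Decode the campaign ID as a UTC timestamp (Qakbot's build time)."""
    return datetime.fromtimestamp(campaign_id, tz=timezone.utc)


def parse_c2(raw: str) -> list[tuple[str, int]]:
    """Parse IPv4 host:port tokens into (ip, port), validating both and dropping
    exact duplicates while keeping report order. Malformed entries raise rather
    than being skipped silently: a typo in a blocklist is itself a bug."""
    seen: set[tuple[str, int]] = set()
    entries: list[tuple[str, int]] = []
    for token in raw.split():
        host, sep, port_text = token.rpartition(":")
        if not sep or not port_text.isdigit():
            raise ValueError(f"malformed C2 entry: {token!r}")
        ip = ipaddress.ip_address(host)  # raises ValueError on non-IP hosts
        port = int(port_text)
        if not 1 <= port <= 65535:
            raise ValueError(f"port out of range in C2 entry: {token!r}")
        entry = (str(ip), port)
        if entry not in seen:
            seen.add(entry)
            entries.append(entry)
    return entries


def port_histogram(c2: list[tuple[str, int]]) -> Counter:
    """How many endpoints listen on each port; Qakbot favours 443/995/2222."""
    return Counter(port for _, port in c2)


def unique_ips(c2: list[tuple[str, int]]) -> list[str]:
    """Distinct IPs sorted numerically (one IP may appear on several ports)."""
    return sorted({ip for ip, _ in c2}, key=ipaddress.ip_address)


def suricata_rules(c2: list[tuple[str, int]], sid_base: int = 9000001) -> list[str]:
    """One outbound-connection alert per endpoint. The SID range is illustrative;
    use whatever range your deployment reserves for local rules."""
    return [
        f'alert tcp $HOME_NET any -> {ip} {port} '
        f'(msg:"Qakbot {BOTNET} C2 {ip}:{port}"; flow:to_server; '
        f'classtype:trojan-activity; sid:{sid_base + i}; rev:1;)'
        for i, (ip, port) in enumerate(c2)
    ]


def iocs() -> list[tuple[str, str, str]]:
    """Flat (type, value, context) rows: file hashes first, then network C2."""
    rows = [
        ("sha256", ARCHIVE_SHA256, "5386029212401664.zip"),
        ("sha256", TARGET_SHA256, "2MB file analysed from the archive"),
    ]
    rows += [("ipv4:port", f"{ip}:{port}", f"Qakbot {BOTNET} C2")
             for ip, port in parse_c2(C2_RAW)]
    return rows


if __name__ == "__main__":
    c2 = parse_c2(C2_RAW)
    print("campaign built:", campaign_build_time(CAMPAIGN_ID).isoformat())
    print("endpoints:", len(c2), "unique IPs:", len(unique_ips(c2)))
    print("ports:", dict(port_histogram(c2)))
    print("\n".join(suricata_rules(c2)[:3]))
```

Two caveats when using the output. Qakbot C2 lists of this era are mostly compromised residential hosts acting as proxies, so IP-based rules age quickly and should carry the campaign timestamp as context for later expiry; the port mix (25 on 443, 15 on 995, 9 on 2222, one on 50003) is itself a useful hunting pivot, since egress to residential address space on 995 or 2222 is rare in most environments regardless of the specific IP.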

Targets

Target: ca07735d51005cb63d1a5b6c213f6016e1d0fca26addbe8591f8acbf4147d777
Filesize: 2MB
Score: 10/10
MD5: 66adf2e8e5561bf7cf3f3cb50d9256bf
SHA1: 4660be594b83147804564f04543e3ccc26dd44b9
SHA256: ca07735d51005cb63d1a5b6c213f6016e1d0fca26addbe8591f8acbf4147d777
SHA512: c058776a73bc487e5c7f60b86c121ca2d1cdf19774639fe44232ce73cbf5cd91aa5b350dabcb8d6ba540f97db6f15843f6ec981ad2947bdf2d4a0b55b18f534f

Signatures

  • Qakbot/Qbot

    Description

    Qakbot (also Qbot) is a modular banking trojan and malware loader with credential-theft and worm-like lateral-movement capabilities.

  • Loads dropped DLL (the sample writes a DLL to disk and then loads it)

MITRE ATT&CK Matrix

Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation