General

  • Target

    9237e5cae5f698d5ad9f6c61af8bd866e599abb05f5bc49474d98e269a29a588

  • Size

    1MB

  • Sample

    210224-67kvqp7s52

  • MD5

    94f6bcd1c6b35a1c5d55dd2dbe7211da

  • SHA1

    4d6359c3e61f8d54863d183d38ddc548c2a8702b

  • SHA256

    9237e5cae5f698d5ad9f6c61af8bd866e599abb05f5bc49474d98e269a29a588

  • SHA512

    832cfab9ee1f813f2a9a2fa3afae32646a00c10c71930cd034efa2c07d588facb9d782deba930376a499f2e76f1177a4d3a39bd2ca8bbdc37586e092c72ef8b0

Malware Config

Extracted

Family

qakbot

Botnet

tr

Campaign

1613385567

C2

78.63.226.32:443

197.51.82.72:443

193.248.221.184:2222

95.77.223.148:443

71.199.192.62:443

77.211.30.202:995

80.227.5.69:443

77.27.204.204:995

81.97.154.100:443

173.184.119.153:995

38.92.225.121:443

81.150.181.168:2222

90.65.236.181:2222

83.110.103.152:443

73.153.211.227:443

188.25.63.105:443

89.137.211.239:995

202.188.138.162:443

98.173.34.212:995

87.202.87.210:2222

Targets

    • Target

      9237e5cae5f698d5ad9f6c61af8bd866e599abb05f5bc49474d98e269a29a588

    • Size

      1MB

    • MD5

      94f6bcd1c6b35a1c5d55dd2dbe7211da

    • SHA1

      4d6359c3e61f8d54863d183d38ddc548c2a8702b

    • SHA256

      9237e5cae5f698d5ad9f6c61af8bd866e599abb05f5bc49474d98e269a29a588

    • SHA512

      832cfab9ee1f813f2a9a2fa3afae32646a00c10c71930cd034efa2c07d588facb9d782deba930376a499f2e76f1177a4d3a39bd2ca8bbdc37586e092c72ef8b0

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • themida

      Detects Themida, Advanced Windows software protection system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Discovery

Query Registry

3
T1012

Virtualization/Sandbox Evasion

1
T1497

System Information Discovery

2
T1082

Peripheral Device Discovery

1
T1120

Tasks