General

  • Target

    04a42746_by_Libranalysis

  • Size

    27.4MB

  • Sample

    210507-agd3vj4wgx

  • MD5

    04a42746c15c78603ef6934e22c12f19

  • SHA1

    590af126e5282481bf1d74bd182c3b9ef85323d3

  • SHA256

    1419ea24a80726cf8a5ff762f57be4cad2c8adc1711ea4868370b65fd191c80c

  • SHA512

    0cd37bda2196fb96d3a7e0e46d55afd6031b406ce9441d06d023bb5f2958a8ca2abc9034168daeaad0d7bff916343d55eb559dd5d90664e79fcc09fe7ce6ac6a

Malware Config

Extracted

  • Family

    qakbot

  • Version

    325.43

  • Botnet

    domain01

  • Campaign

    1602007616

  • C2

    77.27.174.49:995
    68.14.210.246:22
    208.93.202.49:443
    50.244.112.106:443
    173.44.112.112:443
    184.98.103.204:995
    72.204.242.138:20
    96.18.240.158:443
    93.149.253.201:2222
    72.186.1.237:443
    89.176.37.202:995
    5.12.255.109:443
    75.136.40.155:443
    23.240.70.80:443
    67.170.137.8:443
    173.22.125.129:2222
    71.80.66.107:443
    189.222.203.96:443
    96.243.35.201:443
    201.103.0.150:443

Extracted

  • Family

    qakbot

  • Version

    324.142

  • Botnet

    domain01

  • Campaign

    1591171636

  • C2

    67.165.206.193:995
    173.187.103.35:443
    47.153.115.154:443
    188.192.75.8:995
    47.40.244.237:443
    142.129.227.86:443
    39.36.14.99:995
    45.77.164.175:443
    71.241.247.189:443
    103.76.160.110:443
    117.192.100.60:443
    207.246.71.122:443
    144.202.48.107:443
    93.118.221.117:443
    45.77.215.141:443
    71.185.60.227:443
    178.86.244.141:443
    72.204.242.138:53
    47.41.3.40:443
    24.202.42.48:2222

Extracted

  • Family

    qakbot

  • Version

    325.43

  • Botnet

    domain01

  • Campaign

    1597161528

  • C2

    96.227.127.13:443
    197.37.252.37:993
    95.221.48.169:2222
    72.190.101.70:443
    47.39.76.74:443
    207.255.18.67:443
    108.46.145.30:443
    142.117.109.129:2222
    176.205.255.97:443
    2.89.74.34:995
    98.219.77.197:443
    75.110.250.89:995
    47.28.131.209:443
    47.18.252.135:2222
    66.30.92.147:443
    188.51.3.210:995
    83.110.92.29:443
    68.225.56.31:443
    189.183.72.138:995
    98.121.187.78:443

Targets

    • Target

      005cdb34748048c41a3c57ba7358986d

    • Size

      269KB

    • MD5

      005cdb34748048c41a3c57ba7358986d

    • SHA1

      ec91c6e7952ae2c831f97da198f2dfbc6f9b3166

    • SHA256

      9b40c9513cae3bebcbe6cf7e9c85a6c4d6986482a5f889f50c1e891e246bec8c

    • SHA512

      0a689c270d45d9b978ae0ac4fd3d9349660295eb78b22205efd09097c82de2c8afd9b598ba3f0b9e65dfdef8c69eefb46a68d15f52d3159b538cdd7d03099027

    • Target

      3f0879776f937dbb75e02826b39e09c0

    • Size

      4.2MB

    • MD5

      3f0879776f937dbb75e02826b39e09c0

    • SHA1

      123671109c9b8fdbadd2a8df5756b028ed59234f

    • SHA256

      51ed1ea8c11656fa2300a5424db4b0998be5b383ad54aed547c1f2c70fa96959

    • SHA512

      5abdc5f55a633c49b8eb76fd57e4fb3c04cee8823513d306531dd5e986cc2d1d855b73d18747f98258b7e09059e3a969bc9a7558202540b0e19304e49a309f44

    • Score

      1/10

    • Target

      4568b57ad46502fe4740a6ec3282a874

    • Size

      491KB

    • MD5

      4568b57ad46502fe4740a6ec3282a874

    • SHA1

      bed4802d8f6ec52c5e6a9215d78e0632d2ac11a0

    • SHA256

      b5a90a7357ddd95c88a6f042f9a5b9d388ce936df393987a565209a140046905

    • SHA512

      c704d8f493c653e6573172a3763a1186a30092e0534a677583b6b901d1599ed181c8c199e4a9f1e59bb82296ce8c9fa273df39ec819ba6da0e45dba508942a47

    • Target

      5aa990d7864b3bd6c80718c7e86e00ba

    • Size

      4.0MB

    • MD5

      5aa990d7864b3bd6c80718c7e86e00ba

    • SHA1

      862091d41bb5ecbba19b9d657811254e322a4825

    • SHA256

      88d89e9a3eb88b44e9109185f880eccc5ecb2ed1df906db25677e18ebaff1f47

    • SHA512

      0055808e6d742825edc96114fa91162b0d068de859b1d98f30a480f43f380e93a3a0ddc1ae19b4958a7be6a365b632d4ed81b2725992934b8fdf3bedcf99ddc1

    • Target

      5d60ef2d7cb084878cdcccd63b4df50b

    • Size

      4.1MB

    • MD5

      5d60ef2d7cb084878cdcccd63b4df50b

    • SHA1

      afff6fe7ebe180d393355ba9cd23a1f3a61efbc0

    • SHA256

      daa9ddf216de176801e3a77b3f7a33691d92e2ab70e9f1c1aecebab6d21b1192

    • SHA512

      232cec403902ffcc3078aedc65777adb8e6baea4dad099515ddd069bf1a7f479fcd9cf209dcd335a16d0e0a1e181e12e3c3462de3872a4011f93132ddac2f2eb

    • Target

      83b15f14e171cce96ab3fdea915c388a

    • Size

      3.0MB

    • MD5

      83b15f14e171cce96ab3fdea915c388a

    • SHA1

      f28974a9234c3809cf65923030a446e71f0bf81c

    • SHA256

      57b24f50d87b740eed6a0d8a9e2e5b9f2d99f4454d3c5c8de2e1a5e9081a617d

    • SHA512

      3d5aedff9596cb3114520abba34a1dac4cad59e9694fa2e45667b581022844f7d846c0bb74c6774470fc8bf4258d0f1e02a71e8ed40bfb1cfcb36a69e70ae5b4

    • Target

      8edc802c274f3fd64be9aa5557b7ca79

    • Size

      3.0MB

    • MD5

      8edc802c274f3fd64be9aa5557b7ca79

    • SHA1

      6fe3ee6c2c0c43064bb53417bcee828845bf46f3

    • SHA256

      412abe96cbbd685e888126581ae6485aa2038a31578fb122e38a2387400aba0e

    • SHA512

      26305e1aa9fd6d7dc95d71fb79cf585ddf0c8c1c3537994ee48bf4d66dc31a24301918253b820b6703fa5ce7526bb980c0364de85a047275ce5f7069a8f0078b

    • Target

      ae95189f757df558e743ff2e0701f3dc

    • Size

      214KB

    • MD5

      ae95189f757df558e743ff2e0701f3dc

    • SHA1

      96fce4b950f6d5ccf8694675f7157d8ba20908ea

    • SHA256

      d885209207b11f3ed12c9698ecb3febaa34ec7ab06a3b8f02de93bd3f6ff2111

    • SHA512

      48abfbd00d029a34817ac6f46f494eb1a8bce2b0c0af0e260bd38417c14833a5b0e4b358a5a425b406f52eff8116ad9e92aed361730a6c3b1ac75ea2591b7045

    • Target

      d92312b6a956d0d1da70c007068965f8

    • Size

      4.0MB

    • MD5

      d92312b6a956d0d1da70c007068965f8

    • SHA1

      b5cc0d75d0057b48e930f69bbbae317d316ab2f3

    • SHA256

      ada3608b57c864e2af35c3d465e1685581d53b7d74c23557ce8a5d965aab56e3

    • SHA512

      d24820241b03bdb862567d2d1a8c055feb8c1ea68cafa3007c57db88a6bfbbb4a9ef6550f1ecd14b6cc228d7dfdc60f02028432b079b96b3c988042ff18f7c21

    • Target

      e166035566a91e406ce66656be68012c

    • Size

      4.2MB

    • MD5

      e166035566a91e406ce66656be68012c

    • SHA1

      41f224255c6888ecefe73378d4b06743e6ec2998

    • SHA256

      3144216f5151b4b7fc059e0b5882a4680bb17a179b46715edbb054338ee0df74

    • SHA512

      70756ba5240b8e049c8a0b85dc1f6542e985d47c9d48dbdf3e215effc491143ebc62a9dd0a8096377816e87a32c91363ad13ae5fe05cf126b9a90719154ce80e

MITRE ATT&CK Matrix ATT&CK v6

Execution

  • Scheduled Task (T1053)

    detected in 4 tasks

Persistence

  • Registry Run Keys / Startup Folder (T1060)

    detected in 4 tasks

  • Scheduled Task (T1053)

    detected in 4 tasks

Privilege Escalation

  • Scheduled Task (T1053)

    detected in 4 tasks

Defense Evasion

  • Modify Registry (T1112)

    detected in 4 tasks

Discovery

  • System Information Discovery (T1082)

    detected in 16 tasks

  • Query Registry (T1012)

    detected in 7 tasks

  • Peripheral Device Discovery (T1120)

    detected in 7 tasks

  • Remote System Discovery (T1018)

    detected in 7 tasks

Tasks

  • static1

    Score: N/A

  • behavioral1

    Tags: qakbot, domain01, 1602007616, banker, stealer, trojan
    Score: 10/10

  • behavioral2

    Tags: qakbot, domain01, 1602007616, banker, stealer, trojan
    Score: 10/10

  • behavioral3

    Score: 1/10

  • behavioral4

    Score: 1/10

  • behavioral5

    Tags: qakbot, domain01, 1591171636, banker, stealer, trojan
    Score: 10/10

  • behavioral6

    Tags: qakbot, domain01, 1591171636, banker, stealer, trojan
    Score: 10/10

  • behavioral7

    Tags: qakbot, domain01, 1597161528, banker, stealer, trojan
    Score: 10/10

  • behavioral8

    Tags: qakbot, domain01, 1597161528, banker, persistence, stealer, trojan
    Score: 10/10

  • behavioral9

    Tags: qakbot, domain01, 1602007616, banker, stealer, trojan
    Score: 10/10

  • behavioral10

    Tags: qakbot, domain01, 1602007616, banker, persistence, stealer, trojan
    Score: 10/10

  • behavioral11

    Tags: qakbot, domain01, 1597161528, banker, stealer, trojan
    Score: 10/10

  • behavioral12

    Score: 1/10

  • behavioral13

    Tags: qakbot, domain01, 1597161528, banker, stealer, trojan
    Score: 10/10

  • behavioral14

    Score: 1/10

  • behavioral15

    Tags: qakbot, domain01, 1602007616, banker, stealer, trojan
    Score: 10/10

  • behavioral16

    Tags: qakbot, domain01, 1602007616, banker, stealer, trojan
    Score: 10/10

  • behavioral17

    Tags: qakbot, domain01, 1597161528, banker, stealer, trojan
    Score: 10/10

  • behavioral18

    Tags: qakbot, domain01, 1597161528, banker, persistence, stealer, trojan
    Score: 10/10

  • behavioral19

    Tags: qakbot, domain01, 1597161528, banker, stealer, trojan
    Score: 10/10

  • behavioral20

    Tags: qakbot, domain01, 1597161528, banker, persistence, stealer, trojan
    Score: 10/10