Resubmissions

28-12-2022 20:37

221228-zea5taef5v 10

13-07-2021 12:27

210713-cvc55ag4yn 10

25-02-2021 06:56

210225-dwftz9jkjn 10

04-11-2019 11:15

191104-athqk1tjxn 10

General

  • Target

    update2.exe

  • Size

    746KB

  • Sample

    210713-cvc55ag4yn

  • MD5

    0bfb4a1efbb20a7291fcc022dec7d58b

  • SHA1

    faec2a0afe296224f980ac059cf63f18eba800ce

  • SHA256

    73ae67036a0d291c18208037010de359520cd613dda2f9eabfde3fec5558324f

  • SHA512

    eae0e585ef29f56f27da897783ec582b228124437a6355cfd7b56be229558913dfd87d3005482c0fe54ba8f5e79fb1d50f869bd0e619b0ca7318ac055c62b425

Malware Config

Extracted

Family

qakbot

Version

323.91

Campaign

1572863946

Credentials

  • Protocol:
    ftp
  • Host:
    192.185.5.208
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    NxdkxAp4dUsY

  • Protocol:
    ftp
  • Host:
    162.241.218.118
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    EcOV0DyGVgVN

  • Protocol:
    ftp
  • Host:
    69.89.31.139
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    fcR7OvyLrMW6!

  • Protocol:
    ftp
  • Host:
    169.207.67.14
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    eQyicNLzzqPN
C2

112.171.126.153:443

67.200.146.98:2222

174.16.234.171:993

71.30.56.170:443

71.77.231.251:443

72.213.98.233:443

2.50.170.151:443

184.180.157.203:2222

96.35.170.82:2222

64.19.74.29:995

104.32.185.213:2222

104.3.91.20:995

173.22.120.11:2222

173.3.132.17:995

74.194.4.181:443

75.131.72.82:443

68.238.144.55:443

100.4.185.8:443

104.34.122.18:443

65.30.12.240:443

Targets

    • Target

      update2.exe

    • Size

      746KB

    • MD5

      0bfb4a1efbb20a7291fcc022dec7d58b

    • SHA1

      faec2a0afe296224f980ac059cf63f18eba800ce

    • SHA256

      73ae67036a0d291c18208037010de359520cd613dda2f9eabfde3fec5558324f

    • SHA512

      eae0e585ef29f56f27da897783ec582b228124437a6355cfd7b56be229558913dfd87d3005482c0fe54ba8f5e79fb1d50f869bd0e619b0ca7318ac055c62b425

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks