Celod.wac

General
Target

Celod.wac

Size

534KB

Sample

211021-mgh7zsbabq

Score
10 /10
MD5

898ba3b11fb261c893990e9a178d05ff

SHA1

9db70b8ed8e080050943dd92e6a90959e77abe1e

SHA256

c5148afaf55c8b27a41a5971b6e439c8076b57f84c518f31bfec4171cd112a13

SHA512

6ec3a441202e233c7cfc563c54023a24e83b55941db46abfd12d614ba5f3fb2fcd4a79515b1b876f10de13935543f421d36bd028c4a18370d7799d266ba76bf5

Malware Config

Extracted

Family qakbot
Version 402.363
Botnet biden54
Campaign 1634802135
C2

81.250.153.227:2222

120.150.218.241:995

76.25.142.196:443

63.143.92.99:995

89.101.97.139:443

136.143.11.232:443

81.213.59.22:443

136.232.34.70:443

140.82.49.12:443

37.208.181.198:61200

78.191.24.189:995

216.201.162.158:443

197.89.144.102:443

89.137.52.44:443

182.176.180.73:443

173.21.10.71:2222

117.198.156.56:443

196.207.140.40:995

103.142.10.177:443

24.231.209.2:6881

27.223.92.142:995

96.246.158.154:995

71.74.12.34:443

24.231.209.2:2222

75.188.35.168:443

209.210.95.228:995

73.151.236.31:443

220.255.25.187:2222

187.156.134.254:443

41.235.69.115:443

189.175.219.53:80

108.4.67.252:443

209.210.95.228:993

67.165.206.193:993

173.25.162.221:443

100.1.119.41:443

93.48.58.123:2222

65.100.174.110:443

201.137.10.225:443

24.229.150.54:995

146.66.238.74:443

68.204.7.158:443

37.208.181.198:443

41.86.42.158:995

189.135.16.92:443

187.75.66.160:995

72.173.78.211:443

37.117.191.19:2222

94.200.181.154:443

109.12.111.14:443
Attributes
salt
jHxastDcds)oMc=jvh7wdUhxcsdt2
Targets
Target

Celod.wac

MD5

898ba3b11fb261c893990e9a178d05ff

Filesize

534KB

Score
10/10
SHA1

9db70b8ed8e080050943dd92e6a90959e77abe1e

SHA256

c5148afaf55c8b27a41a5971b6e439c8076b57f84c518f31bfec4171cd112a13

SHA512

6ec3a441202e233c7cfc563c54023a24e83b55941db46abfd12d614ba5f3fb2fcd4a79515b1b876f10de13935543f421d36bd028c4a18370d7799d266ba76bf5

Tags

Signatures

  • Qakbot/Qbot

    Description

    Qbot or Qakbot is a sophisticated worm with banking capabilities.

    Tags

  • Windows security bypass

    Tags

    TTPs

    Disabling Security ToolsModify Registry

  • Loads dropped DLL

Related Tasks

behavioral1behavioral2
MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
        Discovery
          Execution
            Exfiltration
              Impact
                Initial Access
                  Lateral Movement
                    Persistence
                    Privilege Escalation