10bd9f37368e1f0e034f9a289dcf29b500e9a77f9e05621ca9e4e21c56d838c8

General
Target

10bd9f37368e1f0e034f9a289dcf29b500e9a77f9e05621ca9e4e21c56d838c8

Size

1MB

Sample

211021-t1vtfsbddp

Score
10/10
MD5

45c23bf7827e99d6d80e4a6341861399

SHA1

50d163a0862d47831e48beeede3115e579536cdf

SHA256

10bd9f37368e1f0e034f9a289dcf29b500e9a77f9e05621ca9e4e21c56d838c8

SHA512

c0cd2a1f68a49927d7ee01f61344fece00c5c15c759819b28fb03222a78e1ed72fd51ad229166d34390aa8a61d3d616407935c69346674589c093fe77a5383ff

Malware Config

Extracted

Family qakbot
Version 402.363
Botnet tr
Campaign 1634541613
C2

Attributes
salt
jHxastDcds)oMc=jvh7wdUhxcsdt2
Targets
Target

10bd9f37368e1f0e034f9a289dcf29b500e9a77f9e05621ca9e4e21c56d838c8

Signatures

  • Qakbot/Qbot

    Description

    Qbot or Qakbot is a sophisticated worm with banking capabilities.

  • Windows security bypass

    TTPs

    Disabling Security Tools, Modify Registry
  • Loads dropped DLL

MITRE ATT&CK Matrix

  • Collection
  • Command and Control
  • Credential Access
  • Discovery
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Persistence
  • Privilege Escalation