e2bc969424adc97345ac81194d316f58da38621aad3ca7ae27e40a8fae582987

General
Target

e2bc969424adc97345ac81194d316f58da38621aad3ca7ae27e40a8fae582987

Size

545KB

Sample

211115-r554waafe6

Score
10/10
MD5

53510e20efb161d5b71c4ce2800c1a8d

SHA1

2268178851d0d0debb9ab457d73af8a5e50af168

SHA256

e2bc969424adc97345ac81194d316f58da38621aad3ca7ae27e40a8fae582987

SHA512

27f4f030928581d23212e18cfd0b33376677cef43ad5605e124cd80e2102cd1d559bf205ae1693e5e6567a6bd33d00d0e7209e32d503116d8b1594cb78ae69a3

Malware Config

Extracted

Family qakbot
Version 402.363
Botnet tr
Campaign 1633597626
C2

Attributes
salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Tags

Signatures

  • Qakbot/Qbot

    Description

    Qbot or Qakbot is a sophisticated worm with banking capabilities.

    Tags

  • Windows security bypass

    Tags

    TTPs

    Disabling Security Tools, Modify Registry
  • Loads dropped DLL

Related Tasks

MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation