General

  • Target: 10d47223997a57c61309ef019dd7e7f7279b6ae2c1cf6633c53113fe3034d1de
  • Size: 2.1MB
  • Sample: 220205-xz48aaegep
  • MD5: 0a9c1233092c30e2f0aa8e6b1d3873d9
  • SHA1: 6a666f68ef1e059871cce88299476e2175b09217
  • SHA256: 10d47223997a57c61309ef019dd7e7f7279b6ae2c1cf6633c53113fe3034d1de
  • SHA512: e37b3556b5bac7bd4ad4cfbde79eef134bc3fa096929534d322feb627dc5c51938e6cf60a2f9a5b54d7302201eeb2872fc3508837c7e33b6e756831ae7b2c7ba

Malware Config

Extracted

  • Family: qakbot
  • Version: 324.75
  • Botnet: spx91
  • Campaign: 1586289193
  • C2:
    173.173.1.164:443
    70.62.160.186:6883
    68.41.60.225:443
    100.40.48.96:443
    73.192.209.168:443
    93.114.89.119:995
    64.19.74.29:995
    73.60.148.209:443
    66.26.160.37:443
    97.96.51.117:443
    5.13.221.230:443
    68.174.9.179:443
    73.137.187.150:443
    24.37.178.158:443
    47.136.224.60:443
    68.39.177.147:995
    176.223.46.147:443
    72.29.181.77:2078
    68.174.15.223:443
    50.29.181.193:995

Targets

    • Qakbot/Qbot

      Qbot (also known as Qakbot) is a sophisticated worm with banking-trojan capabilities.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry: T1012 (3)
  • System Information Discovery: T1082 (4)
  • Peripheral Device Discovery: T1120 (1)
  • Remote System Discovery: T1018 (1)

Tasks