General

  • Target

    49306264f814120088dd56af325db4f43ef3a0142b18ce482d021ae098d776e0

  • Size

    221KB

  • Sample

    220214-t9wgcabgar

  • MD5

    007d64063d521e8dd2b7cd476c7a81f6

  • SHA1

    92ac76f5cadbf4473e51cecff07d901569f40608

  • SHA256

    49306264f814120088dd56af325db4f43ef3a0142b18ce482d021ae098d776e0

  • SHA512

    8a9b43664242543bb03ab61e3807657fcd745ec514b0e639183b403fb620627d529cea0573f0342f1a682dc60694a68aa3c8d1d707d30a4102f1376258a5631d

Malware Config

Extracted

Family

qakbot

Version

324.75

Botnet

spx91

Campaign

1586264831

C2

Targets

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry    2    T1012

  • System Information Discovery    3    T1082

  • Peripheral Device Discovery    1    T1120

  • Remote System Discovery    1    T1018

Tasks