General

  • Target

    1f437a20cd32d0ae07518b4b65c1d045332e41465f850ab308aa06f69ac37566

  • Size

    1.9MB

  • Sample

    220330-ajcf1ahchq

  • MD5

    effc16108c3a01c9dde680f925ffa29a

  • SHA1

    dd18c4f7208008cc831c359e4010039e7d47c50b

  • SHA256

    1f437a20cd32d0ae07518b4b65c1d045332e41465f850ab308aa06f69ac37566

  • SHA512

    b5394d1abcdb47123181b8f94a2adf7d961234ba2eddf7c97f5763be9285e21fc91dee5faa4d52912b9050b86e3155d0f2a876f88d58b7200202ee62e88ae02e

Malware Config

Extracted

Family

qakbot

Version

325.59

Botnet

tr01

Campaign

1604997522

C2


Targets

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.
