General

  • Target

    f040eaa44743559e59562e0afbe00690adcf231c367bbc65f2480693ead56081

  • Size

    1.0MB

  • Sample

    220414-gszq8ahbc6

  • MD5

    cac34d0958a064df5a44150afe7b12bc

  • SHA1

    3092810f55a4ddcb5a6ec1649ab8ec9cdab13f0b

  • SHA256

    f040eaa44743559e59562e0afbe00690adcf231c367bbc65f2480693ead56081

  • SHA512

    18efb3d70216d25f12cd0badea54007a5dea78b51d70a728617adfd69e0e34c0bf12fd64f7d20a088f1edb66a4c550024b2e48288f7a540fa55488121a208e50

Malware Config

Extracted

Family

qakbot

Version

325.59

Botnet

tr01

Campaign

1604997522

C2


Targets

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.
