General

  • Target

    dceabddc2b7564bea7d94ddc1bf03ce00d3dce3fa46d03d18858ae93119b8578

  • Size

    1.0MB

  • Sample

    220414-gwdyxshca8

  • MD5

    fba062bf0f706d5d6e24a5d42e86c8ea

  • SHA1

    f8c9cb701ee0a372704569a886ea9b300ec54603

  • SHA256

    dceabddc2b7564bea7d94ddc1bf03ce00d3dce3fa46d03d18858ae93119b8578

  • SHA512

    2b4103c05ea6c669a6829a48b18dacab325edfe21abc917c8df37ba3f569031feedb2e7a7876079795ad5ed5bb46a22613a78e032db9d248f1768ce2968bf6fe

Malware Config

Extracted

Family

qakbot

Version

325.59

Botnet

tr01

Campaign

1604997522

C2

122.61.213.85:443

2.50.89.119:995

189.183.201.0:443

86.98.145.152:2222

96.241.66.126:443

90.101.117.122:2222

94.69.112.148:2222

81.150.181.168:2222

82.127.125.209:2222

81.214.126.173:2222

86.140.82.116:20

172.87.157.235:443

176.181.247.197:443

78.97.110.47:443

5.15.90.117:2222

41.206.131.156:443

151.73.112.67:443

82.127.125.209:990

197.45.110.165:995

81.133.234.36:2222
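As an added example (not part of this Triage report or of the Qakbot sample), the Python below turns the extracted config above into something a detection engineer can act on: it validates every `ip:port` entry in the C2 list, counts the ports in use (Qakbot mixes 443/995/990 with odd ones such as 2222 and 20, so a port-based allow list alone will not catch it), decodes the campaign ID under the usual reading that it is the Unix build timestamp, and emits one Suricata rule per endpoint. The `sid` base `9000000`, the rule text and the `botnet` tag in the message are assumptions chosen for the example; use sids that are free in your local range.

```python
"""Turn the C2 list from an extracted Qakbot config into detection artifacts."""
import ipaddress
from collections import Counter
from datetime import datetime, timezone

# C2 list copied from the extracted config above (ip:port, one per line).
C2_LIST = """
122.61.213.85:443
2.50.89.119:995
189.183.201.0:443
86.98.145.152:2222
96.241.66.126:443
90.101.117.122:2222
94.69.112.148:2222
81.150.181.168:2222
82.127.125.209:2222
81.214.126.173:2222
86.140.82.116:20
172.87.157.235:443
176.181.247.197:443
78.97.110.47:443
5.15.90.117:2222
41.206.131.156:443
151.73.112.67:443
82.127.125.209:990
197.45.110.165:995
81.133.234.36:2222
"""

CAMPAIGN_ID = 1604997522  # "Campaign" field from the config above


def parse_c2_list(text):
    """Parse 'ip:port' lines into (ip, port) tuples, rejecting malformed entries."""
    c2s = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        host, sep, port = line.rpartition(":")
        if not sep:
            raise ValueError(f"missing port: {line!r}")
        ip = ipaddress.ip_address(host)  # raises ValueError on garbage
        port = int(port)
        if not 0 < port < 65536:
            raise ValueError(f"bad port: {line!r}")
        c2s.append((str(ip), port))
    return c2s


def campaign_to_utc(campaign_id):
    """Qakbot campaign IDs are read as Unix build timestamps; render one as UTC."""
    return datetime.fromtimestamp(campaign_id, tz=timezone.utc)


def port_histogram(c2s):
    """How many C2 endpoints listen on each port."""
    return Counter(port for _, port in c2s)


def unique_ips(c2s):
    """Distinct C2 IPs (an IP may appear on several ports), sorted numerically."""
    return sorted({ip for ip, _ in c2s}, key=ipaddress.ip_address)


def suricata_rules(c2s, sid_base=9000000, botnet="tr01"):
    """One alert rule per C2 endpoint. sid_base is an assumed free local range."""
    rules = []
    for i, (ip, port) in enumerate(c2s):
        msg = f"MALWARE Qakbot {botnet} C2 {ip}:{port}"
        rules.append(
            f'alert tcp $HOME_NET any -> {ip} {port} (msg:"{msg}"; '
            f"flow:to_server; classtype:trojan-activity; sid:{sid_base + i}; rev:1;)"
        )
    return rules


if __name__ == "__main__":
    c2s = parse_c2_list(C2_LIST)
    print(f"{len(c2s)} endpoints, {len(unique_ips(c2s))} unique IPs")
    print("campaign built", campaign_to_utc(CAMPAIGN_ID).isoformat())
    print("ports:", dict(port_histogram(c2s)))
    print("\n".join(suricata_rules(c2s)))
```

Checking the decoded campaign date against the version string is a cheap sanity test: a timestamp that lands far from the period in which that Qakbot version circulated usually means the field was parsed from the wrong offset. Note also that the same IP can appear on more than one port, so deduplicate by IP before feeding a firewall block list, but keep the full `ip:port` pairs for the IDS rules.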

Targets

    • Target

      dceabddc2b7564bea7d94ddc1bf03ce00d3dce3fa46d03d18858ae93119b8578

    • Size

      1.0MB

    • MD5

      fba062bf0f706d5d6e24a5d42e86c8ea

    • SHA1

      f8c9cb701ee0a372704569a886ea9b300ec54603

    • SHA256

      dceabddc2b7564bea7d94ddc1bf03ce00d3dce3fa46d03d18858ae93119b8578

    • SHA512

      2b4103c05ea6c669a6829a48b18dacab325edfe21abc917c8df37ba3f569031feedb2e7a7876079795ad5ed5bb46a22613a78e032db9d248f1768ce2968bf6fe

    • Qakbot/Qbot

      Qbot (Qakbot) is a banking trojan and malware loader with worm-like self-propagation capabilities.

    • Checks computer location settings

      Reads the country code configured in the registry, most likely as a geofence check that decides whether the sample runs.

MITRE ATT&CK Enterprise v6

Tasks