A.png

General

Target: A.png
Size: 1MB
Sample: 220623-sejcvsdfcj
Score: 10/10
MD5: aa95079f104db9cf097b37a0275b8d01
SHA1: 019c5b1204950d263f308ca737a44692af7a88e5
SHA256: 9e806c06eb65dd6e36df8383830cb068f7b345170258070c2806bc8f43dbfe29
SHA512: a7cdf7e6199d18cf2194f79ff53e32c3893f02293fad49c08b137efa79d14285344aafe65564b8d5d940bd83d8be1c81344e30173c340839d343de08b7823edc

Despite the .png name, the file is not an image: the sandbox extracted a Qakbot configuration from it (see Malware Config below), so treat the extension as a lure and hunt on the hashes, not the name.

Malware Config

Extracted

Family: qakbot
Version: 403.780
Botnet: AA
Campaign: 1655971687 (Qakbot campaign IDs are Unix build timestamps; this one decodes to 2022-06-23 08:08:07 UTC, matching the 220623 date prefix of the sample ID)
C2 (50 IP:port pairs, in the order the sandbox printed them; most use 443, 993, 995 or 2222, so they blend into TLS, IMAPS, POP3S and alternate-SSH traffic). Qakbot C2 addresses of this kind are typically compromised residential hosts acting as a proxy tier in front of the real backend: block and hunt on the IP:port pair, expect the list to churn between builds, and do not treat a bare IP hit on an unlisted port as proof of infection by itself.

38.70.253.226:2222
47.23.89.60:993
120.150.218.241:995
117.248.109.38:21
37.34.253.233:443
86.132.14.70:2078
111.125.245.116:995
217.165.85.191:993
176.45.232.204:995
5.32.41.45:443
93.48.80.198:995
100.38.242.113:995
94.59.252.166:2222
74.14.5.179:2222
71.13.93.154:2222
193.253.44.249:2222
108.60.213.141:443
45.241.231.78:993
217.128.122.65:2222
40.134.246.185:995
1.161.124.241:443
70.46.220.114:443
24.43.99.75:443
32.221.224.140:995
80.11.74.81:2222
31.215.184.140:2222
39.49.85.29:995
67.209.195.198:443
186.90.153.162:2222
148.64.96.100:443
67.165.206.193:993
210.246.4.69:995
208.107.221.224:443
89.101.97.139:443
88.234.116.71:443
121.7.223.45:2222
104.34.212.7:32103
69.14.172.24:443
41.228.22.180:443
197.87.182.60:443
24.178.196.158:2222
1.161.124.241:995
189.78.107.163:32101
39.52.74.55:995
2.34.12.8:443
182.191.92.203:995
173.21.10.71:2222
39.41.2.45:995
90.114.10.16:2222
184.97.29.26:443
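Turning the extracted list into detection: the Python below is an added example, not part of the sandbox report. It parses ip:port lines (a subset of the 50 above is embedded), matches them against constructed firewall log lines in a hypothetical key=value format, keeps exact ip:port hits separate from weaker IP-only hits, and emits Suricata rules in an assumed local SID range.

```python
"""Qakbot C2 watchlist: parse, match against logs, emit Suricata rules.
Added example; the log lines and the key=value log format are constructed."""
import ipaddress
import re
from collections import Counter

# Subset of the C2 endpoints printed in the report above.
C2_RAW = """
38.70.253.226:2222
47.23.89.60:993
120.150.218.241:995
104.34.212.7:32103
1.161.124.241:443
1.161.124.241:995
"""

def parse_c2_list(text):
    """Parse 'ip:port' lines into a set of (ip, port); rejects malformed entries."""
    endpoints = set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        host, sep, port_s = line.rpartition(":")
        if not sep:
            raise ValueError(f"no port in {line!r}")
        ip = ipaddress.ip_address(host)          # ValueError on junk
        port = int(port_s)
        if not 0 < port < 65536:
            raise ValueError(f"bad port in {line!r}")
        endpoints.add((str(ip), port))
    return endpoints

# Constructed firewall log lines (hypothetical format, not from the report).
LOG_LINES = [
    "2022-06-23T09:14:02Z src=10.0.5.23:51822 dst=38.70.253.226:2222 proto=tcp action=allow",
    "2022-06-23T09:14:05Z src=10.0.5.23:51830 dst=142.250.74.78:443 proto=tcp action=allow",
    "2022-06-23T09:15:11Z src=10.0.7.4:60211 dst=1.161.124.241:80 proto=tcp action=allow",
    "2022-06-23T09:15:40Z src=10.0.7.4:60214 dst=1.161.124.241:995 proto=tcp action=allow",
    "2022-06-23T09:16:02Z src=10.0.5.23:51901 dst=104.34.212.7:32103 proto=tcp action=deny",
]

LOG_RE = re.compile(r"src=(?P<src>[\d.]+):\d+ dst=(?P<dst>[\d.]+):(?P<dport>\d+)")

def match_logs(lines, endpoints):
    """Return exact (ip, port) hits and weaker IP-only hits as (src, dst, dport)."""
    c2_ips = {ip for ip, _ in endpoints}
    exact, ip_only = [], []
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue                                  # unparseable line: skip, do not crash
        dst, dport = m["dst"], int(m["dport"])
        if (dst, dport) in endpoints:
            exact.append((m["src"], dst, dport))
        elif dst in c2_ips:
            ip_only.append((m["src"], dst, dport))   # listed host, unlisted port: lower confidence
    return exact, ip_only

def port_histogram(endpoints):
    """Listener ports in the config; 443/993/995 blend with normal TLS and mail traffic."""
    return Counter(port for _, port in endpoints)

def to_suricata(endpoints, base_sid=9000000):
    """One Suricata rule per endpoint; base_sid is an assumed local SID range."""
    rules = []
    for sid, (ip, port) in enumerate(sorted(endpoints), start=base_sid):
        rules.append(
            f'alert tcp $HOME_NET any -> {ip} {port} '
            f'(msg:"Qakbot C2 {ip}:{port} (campaign 1655971687)"; '
            f'flow:to_server; sid:{sid}; rev:1;)'
        )
    return rules

if __name__ == "__main__":
    c2 = parse_c2_list(C2_RAW)
    exact, weak = match_logs(LOG_LINES, c2)
    print("exact C2 hits:", exact)
    print("ip-only hits :", weak)
    print("ports        :", dict(port_histogram(c2)))
    print("\n".join(to_suricata(c2)))
```

The exact/IP-only split matters because these hosts are residential: a connection to a listed IP on an unlisted port may be unrelated traffic, so it is reported at lower confidence rather than silently dropped.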

Attributes

salt: jHxastDcds)oMc=jvh7wdUhxcsdt2 (the hardcoded string Qakbot feeds to SHA1 to derive the RC4 key for its encrypted resources; extractors reuse it to recover the config above)
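How a config extractor gets from the salt to the C2 list, as an added Python example (not the sandbox's extractor): published Qakbot analyses describe the resource RC4 key as SHA1(salt), a decrypted blob that starts with a 20-byte SHA1 of the remaining payload, and C2 entries stored as 7-byte records (flag byte, IPv4, big-endian port). The blob here is constructed from three of the endpoints above; the example does not decrypt A.png, and this page does not state the exact key layering used by build 403.780, so read it as the classic scheme rather than a statement about this sample.

```python
"""Qakbot-style resource decryption: RC4 with key = SHA1(salt), SHA1 integrity
header, 7-byte C2 records.  Added example on a constructed blob."""
import hashlib
import ipaddress
import struct

SALT = b"jHxastDcds)oMc=jvh7wdUhxcsdt2"   # 'salt' attribute reported above

def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA); symmetric, so it both encrypts and decrypts."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for c in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(c ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def derive_key(salt: bytes) -> bytes:
    """RC4 key = SHA1(salt): 20 bytes."""
    return hashlib.sha1(salt).digest()

def decrypt_resource(blob: bytes, salt: bytes = SALT) -> bytes:
    """RC4-decrypt, then require plain[:20] == SHA1(plain[20:]) before trusting it."""
    plain = rc4(derive_key(salt), blob)
    if len(plain) < 20:
        raise ValueError("blob too short for a SHA1 header")
    digest, payload = plain[:20], plain[20:]
    if hashlib.sha1(payload).digest() != digest:
        raise ValueError("SHA1 check failed: wrong salt, tampered blob, or a different layout")
    return payload

def is_valid_resource(blob: bytes, salt: bytes = SALT) -> bool:
    """True only if the blob decrypts under this salt and passes the SHA1 check."""
    try:
        decrypt_resource(blob, salt)
        return True
    except ValueError:
        return False

def parse_c2_records(payload: bytes):
    """Decode 7-byte records: 1 flag byte, 4-byte IPv4, 2-byte big-endian port."""
    if len(payload) % 7:
        raise ValueError("C2 payload is not a multiple of 7 bytes")
    out = []
    for off in range(0, len(payload), 7):
        _flag, ip_raw, port = struct.unpack(">B4sH", payload[off:off + 7])
        out.append((str(ipaddress.IPv4Address(ip_raw)), port))
    return out

# Constructed fixture: encode three of the report's endpoints the way the malware stores them.
def build_resource(pairs, salt: bytes = SALT) -> bytes:
    payload = b"".join(
        struct.pack(">B4sH", 1, ipaddress.IPv4Address(ip).packed, port) for ip, port in pairs
    )
    return rc4(derive_key(salt), hashlib.sha1(payload).digest() + payload)

SAMPLE_PAIRS = [("38.70.253.226", 2222), ("47.23.89.60", 993), ("104.34.212.7", 32103)]

if __name__ == "__main__":
    blob = build_resource(SAMPLE_PAIRS)
    print("key:", derive_key(SALT).hex())
    print("recovered C2s:", parse_c2_records(decrypt_resource(blob)))
    print("wrong salt accepted?", is_valid_resource(blob, b"not-the-salt"))
```

The SHA1 header is what makes the salt usable as a brute-force oracle: when a new build rotates the string, an extractor can try candidate salts and keep the one whose decryption passes the check, instead of eyeballing output.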
Targets

Target: A.png (same file as in General above; size 1MB, score 10/10, MD5 aa95079f104db9cf097b37a0275b8d01)

Signatures

  • Qakbot/Qbot

    Description

    Qakbot (Qbot) is a modular banking trojan and loader with worm-like lateral-spreading capabilities; the extracted configuration above confirms the family for this sample.

  • Loads dropped DLL

  • Drops file in System32 directory

MITRE ATT&CK Matrix

No techniques are mapped on this page; only the tactic columns are present (Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation).