Resubmissions

16-09-2022 16:18

220916-trxxfsbhfn 10

15-09-2022 14:37

220915-rzkkzsdda7 10

15-09-2022 12:25

220915-plm3vadae2 7

General

  • Target

    Claim_Letter#630026(13Sep2022).html

  • Size

    531KB

  • Sample

    220915-rzkkzsdda7

  • MD5

    457691291b130861f9a0bd3713cebbd2

  • SHA1

    e953e92ffdcc6c2a0690cac3609efbd45e36ef3c

  • SHA256

    cb6389c030782452ce9db7d4cbb665de06d969ea03aa0fdd235a018d99398d04

  • SHA512

    bd8178ba129530de28491bb86b730233b61dffff830d341b83264905af5eb61057c47e94540f403bde002f3ed30ec33cb1c5b11a5e2a4cdbd562dcc8eb04b71a

  • SSDEEP

    6144:bmG04xlIE4w2SJrjY82oULCyIK5Uj+N2iZ+crS12IDkw1gof4lSBusVe5Mk/D0cH:zUUxi0ZAggof4sQr0cLGu

Malware Config

Extracted

Family

qakbot

Version

403.858

Botnet

obama202

Campaign

1663062752

C2

99.232.140.205:2222

41.69.118.117:995

179.111.111.88:32101

37.210.148.30:995

47.146.182.110:443

191.97.234.238:995

64.207.215.69:443

88.233.194.154:2222

81.131.161.131:2078

86.98.156.176:993

200.161.62.126:32101

88.244.84.195:443

78.100.254.17:2222

85.114.99.34:443

113.170.216.154:443

194.49.79.231:443

193.3.19.37:443

84.38.133.191:443

175.110.231.67:443

191.84.204.214:995

Attributes
  • salt

    SoNuce]ugdiB3c[doMuce2s81*uXmcvP
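The extracted config above is directly usable as network IOCs. The following is an added example (not Triage's code or the sandbox's own tooling): it parses the C2 list exactly as listed, decodes the Campaign value on the assumption that it is a Unix build timestamp, as Qakbot campaign IDs are, and runs the resulting IP:port pairs over a few constructed firewall-style log lines. The log format, the internal source addresses and the second-stage "medium" confidence rule are assumptions for illustration.

```python
"""Turn the Qakbot config extracted above into IOCs and match them
against sample log lines. Added example, not code from the report."""
from datetime import datetime, timezone
import ipaddress
import re

# C2 endpoints exactly as listed in the extracted config above.
C2_RAW = """
99.232.140.205:2222
41.69.118.117:995
179.111.111.88:32101
37.210.148.30:995
47.146.182.110:443
191.97.234.238:995
64.207.215.69:443
88.233.194.154:2222
81.131.161.131:2078
86.98.156.176:993
200.161.62.126:32101
88.244.84.195:443
78.100.254.17:2222
85.114.99.34:443
113.170.216.154:443
194.49.79.231:443
193.3.19.37:443
84.38.133.191:443
175.110.231.67:443
191.84.204.214:995
"""

CAMPAIGN_ID = 1663062752  # "Campaign" field from the extracted config


def parse_c2_list(raw: str) -> list[tuple[str, int]]:
    """Parse 'ip:port' lines into validated (ip, port) tuples."""
    endpoints = []
    for line in raw.strip().splitlines():
        line = line.strip()
        if not line:
            continue
        host, _, port = line.rpartition(":")
        ipaddress.ip_address(host)  # raises ValueError on a malformed IP
        port_num = int(port)
        if not 0 < port_num < 65536:
            raise ValueError(f"bad port in {line!r}")
        endpoints.append((host, port_num))
    return endpoints


def decode_campaign(campaign_id: int) -> datetime:
    """Assumption: the Qakbot campaign ID is a Unix timestamp of the build."""
    return datetime.fromtimestamp(campaign_id, tz=timezone.utc)


# Constructed sample log lines in a generic firewall export style (not from the page).
SAMPLE_LOGS = """\
2022-09-15T14:40:01Z src=10.0.5.23 dst=47.146.182.110 dport=443 proto=tcp action=allow
2022-09-15T14:40:03Z src=10.0.5.23 dst=142.250.74.46 dport=443 proto=tcp action=allow
2022-09-15T14:40:09Z src=10.0.5.23 dst=99.232.140.205 dport=2222 proto=tcp action=allow
2022-09-15T14:41:15Z src=10.0.7.8 dst=99.232.140.205 dport=443 proto=tcp action=allow
2022-09-15T14:42:30Z src=10.0.5.23 dst=84.38.133.191 dport=443 proto=tcp action=deny
"""

LOG_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")


def match_logs(log_text: str, endpoints: list[tuple[str, int]]) -> list[dict]:
    """Return records whose dst:dport is an exact C2 pair (high confidence),
    plus records whose dst is a C2 IP on a port not in the config (medium):
    Qakbot C2 hosts are often compromised residential boxes, so an odd port
    on a known IP still deserves a look. Denied connections are kept, since
    the beacon attempt itself identifies the infected source host."""
    exact = set(endpoints)
    ips = {ip for ip, _ in endpoints}
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        dst, dport = m["dst"], int(m["dport"])
        if (dst, dport) in exact:
            conf = "high"
        elif dst in ips:
            conf = "medium"
        else:
            continue
        hits.append({"ts": m["ts"], "src": m["src"], "dst": dst,
                     "dport": dport, "confidence": conf})
    return hits


def infected_hosts(hits: list[dict]) -> set[str]:
    """Distinct internal sources that reached (or tried to reach) a C2."""
    return {h["src"] for h in hits}


if __name__ == "__main__":
    c2 = parse_c2_list(C2_RAW)
    print(f"{len(c2)} C2 endpoints; build time {decode_campaign(CAMPAIGN_ID).isoformat()}")
    for h in match_logs(SAMPLE_LOGS, c2):
        print(h)
    print("hosts to triage:", sorted(infected_hosts(match_logs(SAMPLE_LOGS, c2))))
```

The decoded campaign timestamp (13 Sep 2022, 09:52:32 UTC) lines up with the date embedded in the lure filename, which is a cheap sanity check that the extracted config belongs to this build and not to a stale injected blob.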

Targets

    • Target

      Claim_Letter#630026(13Sep2022).html

    • Size

      531KB

    • MD5

      457691291b130861f9a0bd3713cebbd2

    • SHA1

      e953e92ffdcc6c2a0690cac3609efbd45e36ef3c

    • SHA256

      cb6389c030782452ce9db7d4cbb665de06d969ea03aa0fdd235a018d99398d04

    • SHA512

      bd8178ba129530de28491bb86b730233b61dffff830d341b83264905af5eb61057c47e94540f403bde002f3ed30ec33cb1c5b11a5e2a4cdbd562dcc8eb04b71a

    • SSDEEP

      6144:bmG04xlIE4w2SJrjY82oULCyIK5Uj+N2iZ+crS12IDkw1gof4lSBusVe5Mk/D0cH:zUUxi0ZAggof4sQr0cLGu

    • Qakbot/Qbot

      Qakbot (Qbot) is a modular banking trojan and malware loader: it steals credentials and browser data, can spread laterally across a network like a worm, and is used to stage follow-on payloads.

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks