Resubmissions

16-11-2022 16:45

221116-t9e5cscb26 10

16-11-2022 16:39

221116-t54bdsga6y 10

General

  • Target

    CVYO58.img

  • Size

    722KB

  • Sample

    221116-t54bdsga6y

  • MD5

    b4bf48b9b767418ff5e0d38847ba970c

  • SHA1

    6ed370e4aa235b59633176a326ed095321af4ad1

  • SHA256

    dfd6ac6c276a12491e19f1f662b27ce521b34ed3893fc6a6f371ca5150f49b88

  • SHA512

    2f7b21bed8f9c5e70fee6b96c8397de2f1a8f6587ecfba36f9bf4e5de94f29a5914b193564f4a1504fcd34c3f50fe802a44aec0e5edc905fc1399add09f50a16

  • SSDEEP

    12288:KYJ/TGcg+w9KCGJdcvXumiT3QOrT8Rk0zvInbiPCw18al1USuSZxHHTkG/8H8:KYJ/TGckKCG30IAIQR3O7OjHHApc

Malware Config

Extracted

Family

qakbot

Version

404.27

Botnet

BB06

Campaign

1668492308

C2

49.175.72.56:443

81.229.117.95:2222

47.41.154.250:443

69.133.162.35:443

84.35.26.14:995

68.47.128.161:443

156.217.219.147:995

87.65.160.87:995

174.101.111.4:443

82.127.174.33:2222

91.169.12.198:32100

24.28.121.122:443

157.231.42.190:995

90.89.95.158:2222

74.33.84.227:443

24.64.114.59:2222

80.13.179.151:2222

64.207.237.118:443

24.206.27.39:443

170.253.25.35:443

Attributes
  • salt

    SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

    • Target

      CVYO58.img

    • Size

      722KB

    • MD5

      b4bf48b9b767418ff5e0d38847ba970c

    • SHA1

      6ed370e4aa235b59633176a326ed095321af4ad1

    • SHA256

      dfd6ac6c276a12491e19f1f662b27ce521b34ed3893fc6a6f371ca5150f49b88

    • SHA512

      2f7b21bed8f9c5e70fee6b96c8397de2f1a8f6587ecfba36f9bf4e5de94f29a5914b193564f4a1504fcd34c3f50fe802a44aec0e5edc905fc1399add09f50a16

    • SSDEEP

      12288:KYJ/TGcg+w9KCGJdcvXumiT3QOrT8Rk0zvInbiPCw18al1USuSZxHHTkG/8H8:KYJ/TGckKCG30IAIQR3O7OjHHApc

    Score
    3/10
    • Target

      CV.vbs

    • Size

      9KB

    • MD5

      ccb57dfa5f601816c612125eac087adb

    • SHA1

      f7f891d845026472ace7d6ed32fefea62a5b60ae

    • SHA256

      fc2e04e4d8a9f8fd99bc546ee5bc9d8f556eec1102ac51593ca12880c865f212

    • SHA512

      565bf7c130c34fec471300653c739358ac0854f9e60f154774c447b3757a2464b2e796e34496cf0d1b4b3e82b7d3a168484ca4f6aedaf762037710822357229a

    • SSDEEP

      192:mEW+eSjzZaUgrcl/E4rowaD/OCMhiEe1C7p11G0vdzgWF0fkbsgTbpQa:Hm41ajrcpE4rocCMhidGpPGmX0jWbX

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      inducted/backslid.tmp

    • Size

      624KB

    • MD5

      c8d388ab1b0b5b353a7874c57df24c8c

    • SHA1

      2f1197810658afb8944c5df9976cdfc76380efd9

    • SHA256

      0bd7d5e39c2f403c6d6dc985c6c147d64ef2698df7ffad5204f0b3146e22f616

    • SHA512

      c4a14dcf46789f7d2287c9cab6b1efbeefe075c6ebd3417805808b0a37ffa50b077fae478721ee4dc579a5212ea1a2966dda94a84979d1255ea885f060d894a7

    • SSDEEP

      12288:i/TGcg+w9KCGJdcvXumiT3QOrT8Rk0zvInbiPCw18al1USuSZxHHTkG/8H:i/TGckKCG30IAIQR3O7OjHHAp

MITRE ATT&CK Enterprise v6

Tasks