General

  • Target

    JG26.img

  • Size

    970KB

  • Sample

    221117-1ty1vsga22

  • MD5

    873961ada0ec8120be8caaa56afef082

  • SHA1

    af56ba15101e314d7bd87ea6217d04c1ab561036

  • SHA256

    0260eb4bc99fb08542f0f8e7725a4a22ff64fe2dcb793747699c95a807d2b6ab

  • SHA512

    c23e626784cc21738c93aa8a3cdaaa277ece4d829a2d76392fd1a95ec56b3f7e5fe9eef53b70e05ea83a39758974122ca9d12de7d8404360c9ff76f16ea27436

  • SSDEEP

    12288:To96F+DfZxL4+Dir8lkQ5z4hbFmKFX4GfOs5VBNYRbWAUWWvoYPiwBPhKwnONVvo:To96F+DRt4Tr8lkBhRp2QOUDKw9

Malware Config

Extracted

Family

qakbot

Version

404.30

Botnet

BB06

Campaign

1668670510

C2

86.225.214.138:2222

71.183.236.133:443

182.66.197.35:443

70.66.199.12:443

76.80.180.154:995

180.151.104.143:443

92.149.205.238:2222

83.110.223.247:443

183.87.31.34:443

105.103.50.1:990

103.141.50.117:995

105.103.50.1:465

105.103.50.1:22

86.130.9.167:2222

86.99.15.243:2222

90.104.22.28:2222

172.117.139.142:995

176.142.207.63:443

142.161.27.232:2222

71.247.10.63:50003

Attributes
  • salt

    SoNuce]ugdiB3c[doMuce2s81*uXmcvP
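The C2 list above is the most directly actionable part of the extracted config, but it is only useful once it is turned into (ip, port) tuples and then into something a detection pipeline can consume. The following Python script is an added example, not code from the sandbox or from the original page: it parses the config block exactly as listed (botnet BB06, campaign 1668670510), groups the entries by IP and port, emits one Suricata rule per tuple (the `sid` range 9100000+ is an assumed local range, not an official one), and checks a few constructed Zeek-style connection records against the set. Note that the configured ports (443, 995, 990, 465, 22, 2222, 50003) mimic common services, so port alone is not a useful signal; match on the IP:port tuple, and expect the list to churn, since Qakbot C2 nodes are largely compromised residential hosts.

```python
import ipaddress
from collections import defaultdict

# C2 list exactly as extracted from the sample's config (botnet BB06, campaign 1668670510).
C2_CONFIG = """
86.225.214.138:2222
71.183.236.133:443
182.66.197.35:443
70.66.199.12:443
76.80.180.154:995
180.151.104.143:443
92.149.205.238:2222
83.110.223.247:443
183.87.31.34:443
105.103.50.1:990
103.141.50.117:995
105.103.50.1:465
105.103.50.1:22
86.130.9.167:2222
86.99.15.243:2222
90.104.22.28:2222
172.117.139.142:995
176.142.207.63:443
142.161.27.232:2222
71.247.10.63:50003
"""


def parse_c2(text):
    """Return a de-duplicated list of (ip, port) tuples in config order.

    Blank lines, '#' comments and anything that is not a valid IPv4:port are
    skipped instead of raising, so a copy-pasted config with stray text still parses.
    """
    seen, out = set(), []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, sep, port = line.rpartition(":")
        if not sep or not port.isdigit():
            continue
        try:
            ip = str(ipaddress.IPv4Address(host))
        except ipaddress.AddressValueError:
            continue
        port = int(port)
        if not 0 < port < 65536:
            continue
        if (ip, port) not in seen:
            seen.add((ip, port))
            out.append((ip, port))
    return out


def ports_by_ip(c2s):
    """Map each C2 IP to the set of ports the config pairs it with."""
    table = defaultdict(set)
    for ip, port in c2s:
        table[ip].add(port)
    return dict(table)


def suricata_rules(c2s, botnet="BB06", sid_base=9100000):
    """One outbound TCP rule per (ip, port) tuple. sid_base is an assumed local SID range."""
    rules = []
    for i, (ip, port) in enumerate(c2s):
        rules.append(
            f'alert tcp $HOME_NET any -> {ip} {port} '
            f'(msg:"Qakbot {botnet} C2 {ip}:{port}"; flow:to_server; '
            f'classtype:trojan-activity; sid:{sid_base + i}; rev:1;)'
        )
    return rules


def match_conn_log(c2s, lines):
    """Check whitespace-separated records (ts src sport dst dport proto) against the C2 set.

    Matches on destination IP; 'exact' says whether the destination port also
    matches, so an IP hit on an unexpected port still surfaces for review.
    """
    table = ports_by_ip(c2s)
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 5:
            continue
        dst, dport = parts[3], parts[4]
        if dst in table and dport.isdigit():
            hits.append({"line": line, "dst": dst, "dport": int(dport),
                         "exact": int(dport) in table[dst]})
    return hits


# Constructed sample records (not from the sandbox run), Zeek-like conn.log columns.
SAMPLE_CONN = [
    "1668670600.101 10.0.0.15 51234 76.80.180.154 995 tcp",
    "1668670601.455 10.0.0.15 51235 8.8.8.8 53 udp",
    "1668670602.002 10.0.0.22 51300 105.103.50.1 443 tcp",
]

if __name__ == "__main__":
    c2s = parse_c2(C2_CONFIG)
    print(f"{len(c2s)} C2 tuples across {len(ports_by_ip(c2s))} distinct IPs")
    for rule in suricata_rules(c2s)[:3]:
        print(rule)
    for hit in match_conn_log(c2s, SAMPLE_CONN):
        print(hit)
```

Running it reports 20 tuples across 18 IPs (105.103.50.1 is listed three times on ports 990, 465 and 22), and the third sample record is flagged as an IP hit with `exact: False`, which is the case worth keeping visible rather than discarding: the same host on a different port is still the same infrastructure.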

Targets

    • Target

      JG26.img

    • Size

      970KB

    • MD5

      873961ada0ec8120be8caaa56afef082

    • SHA1

      af56ba15101e314d7bd87ea6217d04c1ab561036

    • SHA256

      0260eb4bc99fb08542f0f8e7725a4a22ff64fe2dcb793747699c95a807d2b6ab

    • SHA512

      c23e626784cc21738c93aa8a3cdaaa277ece4d829a2d76392fd1a95ec56b3f7e5fe9eef53b70e05ea83a39758974122ca9d12de7d8404360c9ff76f16ea27436

    • SSDEEP

      12288:To96F+DfZxL4+Dir8lkQ5z4hbFmKFX4GfOs5VBNYRbWAUWWvoYPiwBPhKwnONVvo:To96F+DRt4Tr8lkBhRp2QOUDKw9

    • Score

      3/10

    • Target

      WW.js

    • Size

      9KB

    • MD5

      c40116fa79f8fdad8945fae0f3a650b8

    • SHA1

      d6454c49ce5c43b61f7f595a9ece90b60d3518a2

    • SHA256

      033a5b879b9e31ddea594cbfa1844d5311f1e00b5e143b3ca8cde752bea176e3

    • SHA512

      400eb7fd6dbfac7dae68b20628211684968074a2ddc9ba47cf6d6ca716e6c04fc9c14fa13c791416a399ac608bddee25c46eb91ef3da33b90b3147954eae7197

    • SSDEEP

      192:MSLjDJq0Tavgx685UIroAKbP2KTMhS0OGYm5llWVjAvNzAWMuEvk7MgG+r5A6:bVq2k785UIro8KTMhSeYm5P2jiuuEjP4

    • Qakbot/Qbot

      Qakbot (also Qbot) is a banking trojan and loader with worm-like lateral-movement capabilities; the extracted config identifies this sample as version 404.30, botnet BB06.

    • Checks computer location settings

      Looks up the country code configured in the registry; this is most likely a geofence check so the sample does not run on hosts in excluded locales.

    • Target

      animators/breakables.tmp

    • Size

      835KB

    • MD5

      4463dab59e9e0e5d5cc1b5c0a7bb3ca7

    • SHA1

      adfa14a7ec560395c3271d05c452582f7c10de1a

    • SHA256

      88bb80226f8427b7b2704141012d6a4aea31262596ab0ce35f1e4638c8a10e72

    • SHA512

      ad5080ca98d07ce321c3056090f9881a0dcac763d9f97e70a12d2adb262f3cf230e713a819cfe3fcedeb6201d55d3ba215f3f9a67cfff3ea00cc40123a5d0c1d

    • SSDEEP

      12288:T6F+DfZxL4+Dir8lkQ5z4hbFmKFX4GfOs5VBNYRbWAUWWvoYPiwBP:T6F+DRt4Tr8lkBhRp2QOU

MITRE ATT&CK Enterprise v6