General

  • Target: JN79.img
  • Size: 842KB
  • Sample: 221118-qe7dksdc7t
  • MD5: 94faf871d3736a7b3ea0289d87036e7e
  • SHA1: 49556423a3f42badb43f088d21bb9736ba4e737c
  • SHA256: fdf4be7edd488f2339e941acb52c9cef37d53d702649a87be8488a6ae3b6bcf5
  • SHA512: 7f3ca9824c6b6abdf8536a18daaa8880b3890bba71a1bca86a9618c86604cd49a25775341f76ef1fe7360b23fce1d4d5055757c7d98f0874ddd8a3303273b8be
  • SSDEEP: 24576:bNNpOK8zWcCTibQsC3BbYGQajBp6Pi1YWaw4:XQK8IL3BbzQaNpx1Da

Malware Config

Extracted

Family: qakbot
Version: 404.30
Botnet: BB06
Campaign: 1668752705

C2


Attributes

  • salt: SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

    • Target: JN79.img
    • Size: 842KB

    Score: 3/10

    • Target: SK.js
    • Size: 9KB
    • MD5: 8263a8aab66d3fc99d09a36bf5f0c72a
    • SHA1: cb736a283fdd54f701dc0c6f1b9fe97b01572bc3
    • SHA256: 2b51e274db93726d4e4109b400dd80ab91c35c0779ea2edc1672ba963e41ca97
    • SHA512: 44d2287359c8646f0a9b8fb083736257f4e8e9bf391598ecd6374e3574ca243660c14b73d5cede5ad63509eb62bf8dd420aa702b1cebcfd70582481a9b730f20
    • SSDEEP: 192:cnSLj50Tavgx685UIhpHKbP2KTMhS0OGYm9lWVjAvNzAWM5Evk7MgG+r5AJ:H52k785UIhp/KTMhSeYmn2jiu5EjP+rs

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Target: manacle/perpendicularly.temp
    • Size: 372KB
    • MD5: 66e0967c9447bd3a34d93b9a5988a360
    • SHA1: 4cb4e1f07b11e2c562f0523747eec1a575d25a04
    • SHA256: 73b5c1367699fa8806ebe07ddbcf48660299399d0c9ac8d645de85257208539c
    • SHA512: cefe8f375c9b39ed21052398f2a6bac4ab6b572be77bdc00c5c994643bd9bf0a744eea475ad7fa1078acffcf5c4c4c4cd5a24fe98a618e6052eb263c1ac10608
    • SSDEEP: 6144:l1eKK1u77wiWjvM9gaYhWawPSxipTR9K1/XzeDA+sqKD9oqHs9Dz/RJhKXuz:mKzMD2gaSWcxITi/XzZ+s7pohvRJhr
