General

  • Target

    Agreement_NFK58.iso

  • Size

    662KB

  • Sample

    221118-vrdz1sdh4w

  • MD5

    9484312e8cb775cda836dbee177c4060

  • SHA1

    a05e07c8c24574a61479df658835f780f4868535

  • SHA256

    aaba1b6cef10304f93b1ade13dc59aba4c9fb385907d9b9cb2cb934a2c9b5b2f

  • SHA512

    9d095a7563b92d2e4148d44778f329a30ba8554347773f5d8ea2b0b8673a52d4df59cb830cba6c805a0d119fd1cacc9e0ed3f02c37af734bbf41450f5dcd7549

  • SSDEEP

    12288:SNCLxwOQHy6E1YF7P01JSdCLjqa/9cNdMxgligH8:SNCLxSHy6VP0/Ssfh9cUM

Malware Config

Extracted

Family

qakbot

Version

404.30

Botnet

obama223

Campaign

1668757345

C2

68.47.128.161:443

87.65.160.87:995

172.90.139.138:2222

86.175.128.143:443

12.172.173.82:465

71.247.10.63:2083

47.41.154.250:443

91.254.215.167:443

71.31.101.183:443

81.229.117.95:2222

24.4.239.157:443

41.99.177.175:443

92.149.205.238:2222

73.230.28.7:443

47.229.96.60:443

186.188.2.193:443

174.112.25.29:2078

84.35.26.14:995

86.130.9.167:2222

116.74.163.221:443

Attributes
  • salt

    SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

    • Target

      Agreement.js

    • Size

      9KB

    • MD5

      e5d688ed14e74fedb1d2a4dab64fd620

    • SHA1

      9ec4a4829d560d821092087600747c6cb52a5002

    • SHA256

      616a1c3a65fed4142c80f37a67f87d4d83af6ce28fd842f20c184ed995908894

    • SHA512

      368d546d3d491ae09d501d452730086d542fe6df9a0e979ae59183ed57f78ff7fb1bf960ddafa65c7d7ee1d3a346e3d343cb7801f1afc8cc6b64952f6fa0e55d

    • SSDEEP

      192:/0SLj5Uravgx685UIhpHKbP2KTMhS0OGYm9lWVjAvNzAWM5Evk7MgG+r5AJ:/j5Kk785UIhp/KTMhSeYmn2jiu5EjP+I

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      debunked/slaughterhouse.temp

    • Size

      374KB

    • MD5

      b1e1d2ea1e2e0936aeb8e3f79ade7406

    • SHA1

      5a53f3dc8e4cda7bd92a21361fada7f814c9f3fe

    • SHA256

      820c86717ed36270cd3dd2e4e659d559908ddfbc942686ddcbeec48a321b86c4

    • SHA512

      355959e8d68dee491ce1518b5afac86b03a9e53044b5799d7baeb6ca2b2abdbd4223e6a8238880d857dbe037936ff1c35bb33dacc9158e64fb8febee040827c7

    • SSDEEP

      6144:XKR66t98Uah1oq7PbQIIJSLiyCE0taaRIC6w/9I0FK+20m6WdMxgYURpi92H4X:w6E1YF7P01JSdCLjqa/9cNdMxgligH8

MITRE ATT&CK Enterprise v6

Tasks