Resubmissions

28-11-2022 19:20

221128-x14m5sad69 10

28-11-2022 13:53

221128-q6zg2sgg66 10

General

  • Target

    AFL27.iso

  • Size

    742KB

  • Sample

    221128-x14m5sad69

  • MD5

    638f6bca78675365d31e3903b1f2756a

  • SHA1

    d9dd05f79fe4a844f37e64e05b7cc4dbc091c120

  • SHA256

    3da1cb0608f3709bf1331c4088fb258daf0200740b9b67afc6eec68a7f4b111a

  • SHA512

    ee5e3359e745caed4bd6316dc73ccec87b7c6c2fa87721f4201af0c94879957232d0d9c5936452005f09c15f216deb2f85ba1f91a33ba7628dd42c04b3147fd4

  • SSDEEP

    12288:DNym1Mcw5EO6dHvDe0P3lx5EBto8BkfzNbuTyGrC6N2c2mcsAMznGBRA4cZDgNIg:DNJMFEO6dHvDe0P335EXpUNSleQ2cYcn

Malware Config

Extracted

Family

qakbot

Version

404.46

Botnet

BB08

Campaign

1669628564

C2

98.147.155.235:443

85.52.73.34:2222

75.158.15.211:443

2.91.184.252:995

92.106.70.62:2222

85.152.152.46:443

86.159.48.25:2222

217.128.91.196:2222

92.11.189.236:2222

83.92.85.93:443

2.83.62.105:443

93.24.192.142:20

76.20.42.45:443

24.64.114.59:2078

73.36.196.11:443

130.43.99.103:995

172.117.139.142:995

100.16.107.117:443

12.172.173.82:22

176.151.15.101:443

Attributes
  • salt

    SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

    • Target

      AFL27.iso

    • Size

      742KB

    • MD5

      638f6bca78675365d31e3903b1f2756a

    • SHA1

      d9dd05f79fe4a844f37e64e05b7cc4dbc091c120

    • SHA256

      3da1cb0608f3709bf1331c4088fb258daf0200740b9b67afc6eec68a7f4b111a

    • SHA512

      ee5e3359e745caed4bd6316dc73ccec87b7c6c2fa87721f4201af0c94879957232d0d9c5936452005f09c15f216deb2f85ba1f91a33ba7628dd42c04b3147fd4

    • SSDEEP

      12288:DNym1Mcw5EO6dHvDe0P3lx5EBto8BkfzNbuTyGrC6N2c2mcsAMznGBRA4cZDgNIg:DNJMFEO6dHvDe0P335EXpUNSleQ2cYcn

    Score
    3/10
    • Target

      AS.js

    • Size

      9KB

    • MD5

      b6377f4364852191e440269dc0225850

    • SHA1

      4784a7c288fbffaea4e5c10cfc2da208578977a2

    • SHA256

      d0f396309db14bbe988e8ae6ba6dfb4451fc9db830484dcb7dec830b74d8467a

    • SHA512

      302ab00ac77e86b3448bcf7affeb5e127e606d977556af0da17d211b816bc00b2d54643ceacf219f2c4be6532781e1d64db31d4a307ae822f9b70dc1617da7db

    • SSDEEP

      192:CSLj5Uravgx685UIhpHKbP2KTMhS0OGYm9lWVjAvNzAWM5Evk7MgG+r5A0:N5Kk785UIhp/KTMhSeYmn2jiu5EjP+rV

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Target

      peseta/data.txt

    • Size

      630KB

    • MD5

      58329a65cac27867d2777390f4eac0eb

    • SHA1

      a44b4f6d076498b6bf42dbf1a8a805f4570e7c04

    • SHA256

      9a6a43b0cdd989c911896933202401b848d2502db0219632f3aaa04a2e4687a4

    • SHA512

      8bde8e1c678a516abb67f4bfb6bc314477014123b4bab3e9c3d13e1e9e4e5dfd37e407b4c4c939b270234419f367d7a1e26a605770620312d1d0fe27ca5980b5

    • SSDEEP

      12288:Im1Mcw5EO6dHvDe0P3lx5EBto8BkfzNbuTyGrC6N2c2mcsAMznGBRA4cZDA:rMFEO6dHvDe0P335EXpUNSleQ2cYcGLx

    Score
    1/10
    • Target

      peseta/flours.js

    • Size

      9KB

    • MD5

      b6377f4364852191e440269dc0225850

    • SHA1

      4784a7c288fbffaea4e5c10cfc2da208578977a2

    • SHA256

      d0f396309db14bbe988e8ae6ba6dfb4451fc9db830484dcb7dec830b74d8467a

    • SHA512

      302ab00ac77e86b3448bcf7affeb5e127e606d977556af0da17d211b816bc00b2d54643ceacf219f2c4be6532781e1d64db31d4a307ae822f9b70dc1617da7db

    • SSDEEP

      192:CSLj5Uravgx685UIhpHKbP2KTMhS0OGYm9lWVjAvNzAWM5Evk7MgG+r5A0:N5Kk785UIhp/KTMhSeYmn2jiu5EjP+rV

    Score
    7/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      peseta/gratiae.ps1

    • Size

      367B

    • MD5

      5479e1a9617b0222d0a8f001c63fb23b

    • SHA1

      0c5428239a418c8586d1699adafeb2bddb0f8c95

    • SHA256

      e6f4fe47c6e08c3b995b5e69efee09a853426607d64715bb1cf215640f785d58

    • SHA512

      7bc5e090fbabd4746c1a075ed4d7bbfbdb4e0a235ff8c1be5e8257d5daf4f3e22a3f04d25d21108446a684cc7371eea6882d3c1d855a3c12e868a2e8d01d4ffa

    Score
    1/10
    • Target

      peseta/opalescent.jpg

    • Size

      26KB

    • MD5

      e5f0f548e522f0ae14c10f7cf6d41b54

    • SHA1

      c8271a2b42226a45b9c70137f1bc69b432b6e65f

    • SHA256

      5fe310354508efaf34d2da0af9b1c2e61e6b1d785698f7ca98fb85ed1a565618

    • SHA512

      cfefce9b846979d5b1f5dcc5cbae5709073dfb81928e85fc763f267cceb74a3602c8255575b847fceed9b45d667632f880b8c0fe3e29723321db7b5369936ab4

    • SSDEEP

      768:L3AonmQfsXxbWpb+3GpKzdJlVwej22gyUjR:bAOmQfDbeeK9OeayUjR

    Score
    3/10

MITRE ATT&CK Enterprise v6

Tasks