General

  • Target

    VO-756.iso

  • Size

    690KB

  • Sample

    221129-gxbj7ace79

  • MD5

    5453066177c8a8352243e6575266d536

  • SHA1

    a0102f7a7eb988c395307cbaf8188541704fd514

  • SHA256

    0e95ff90f54057a32849e615dd615d947c6932383d01f9efc01c4e106d64a863

  • SHA512

    540f9361b3441cc4e7fb0589fa86b760df5daba54aa285e73e4aeca6042e61e069a92a244b92d8945a6e972e492be1b21baca35b3daff5099c12455457737538

  • SSDEEP

    12288:Jhm1Mcw5EO6dHvDe0P3lx5EBto8BkfzNbuTyGrC6N2c2mcsAMzRGBRA4cZD:J6MFEO6dHvDe0P335EXpUNSleQ2cYCGg

Malware Config

Extracted

  • Family

    qakbot

  • Version

    404.46

  • Botnet

    BB08

  • Campaign

    1669628564

  • C2


Attributes

  • salt

    SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

    • Target

      AS.js

    • Size

      131B

    • MD5

      2b0f9e1ca1aee199de0cc4f2159b8832

    • SHA1

      7862ef406f7c6e9a8e8d9a2a7482b85780a6a25b

    • SHA256

      68498e9ff091f30e623fffab48c4f1d09f968a59c497b143895d02f300f7e8c0

    • SHA512

      485bf7e2ddcf5e5058b58c50d91d52c7080a118423d54819550f4b2f95bce6a3c5ab3c516bc2ff1df8eaa2fde8fb676ce794cd5e0e75a67bc67d83871aa52ad2

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence check.

    • Loads dropped DLL

    • Target

      fix/plaintiveness.js

    • Size

      131B

    • MD5

      2b0f9e1ca1aee199de0cc4f2159b8832

    • SHA1

      7862ef406f7c6e9a8e8d9a2a7482b85780a6a25b

    • SHA256

      68498e9ff091f30e623fffab48c4f1d09f968a59c497b143895d02f300f7e8c0

    • SHA512

      485bf7e2ddcf5e5058b58c50d91d52c7080a118423d54819550f4b2f95bce6a3c5ab3c516bc2ff1df8eaa2fde8fb676ce794cd5e0e75a67bc67d83871aa52ad2

    • Score

      7/10
    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence check.

    • Target

      fix/worlds.ps1

    • Size

      377B

    • MD5

      eff4099ef965ff990feadfc07ec4fa45

    • SHA1

      33f65bbdec8933c18ff9adb670edf41bd6d99814

    • SHA256

      5a9a33cf23a1e306e0956cc7e0706a0a6deb778f44105473018ee791e315ee64

    • SHA512

      7290331c16185eb95a22c0a7eaa8746046a82302f40c418ce245687e7335469cb978eafb1a9c85324c50981555d8be56ac9c50eab9455f837f3bd98c0fff3f52

    • Score

      1/10

MITRE ATT&CK Matrix (ATT&CK v6)

  • Discovery

    Query Registry (T1012): 2

    System Information Discovery (T1082): 4

Tasks