General

  • Target

    QA-146.iso

  • Size

    690KB

  • Sample

    221129-qmn7zacf93

  • MD5

    2604fe631da4047e48de3aa801328ac5

  • SHA1

    08507ec399c9de3be0822d3d44e11e2b7b9ddec9

  • SHA256

    f5b2c87e33d51974c6d45546a877523468bfd6b6ba435e288111b631460593c7

  • SHA512

    62d0d2dd1fe54d0b82c611682d6272aba9635b812d28c76c964be2ec14ef7f3938af1aaf0ab7d3e34af5d1e406d8d22c0b09f9a7dcfdebf1833610e1594556a3

  • SSDEEP

    12288:Km1Mcw5EO6dHvDe0P3lx5EBto8BkfzNbuTyGrC6N2c2mcsAMzRGBRA4cZD:BMFEO6dHvDe0P335EXpUNSleQ2cYCGLc

Malware Config

Extracted

  • Family

    qakbot

  • Version

    404.46

  • Botnet

    BB08

  • Campaign

    1669628564

C2

98.147.155.235:443

85.52.73.34:2222

75.158.15.211:443

2.91.184.252:995

92.106.70.62:2222

85.152.152.46:443

86.159.48.25:2222

217.128.91.196:2222

92.11.189.236:2222

83.92.85.93:443

2.83.62.105:443

93.24.192.142:20

76.20.42.45:443

24.64.114.59:2078

73.36.196.11:443

130.43.99.103:995

172.117.139.142:995

100.16.107.117:443

12.172.173.82:22

176.151.15.101:443

Attributes
  • salt

    SoNuce]ugdiB3c[doMuce2s81*uXmcvP
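The extracted C2 list above is most useful once it is turned into something a network sensor can act on. The following is an added example, not part of the sandbox report: it parses the `ip:port` lines exactly as the report lists them, exposes the non-web ports the BB08 config uses (20, 22, 995, 2078, 2222 alongside 443), matches the pairs against a constructed Zeek-conn-style log (the log lines are made up for illustration), and emits one Suricata rule per endpoint. The `sid_base` value is an assumed local SID range, not anything from the report.

```python
"""Turn the extracted Qakbot C2 list into detection artifacts.

Added example, not part of the sandbox report. The C2 endpoints are copied
from the report's extracted config; the log lines below are constructed.
"""
import ipaddress
import re
from typing import Iterable, List, NamedTuple, Set, Tuple

# host:port pairs exactly as listed under "C2" in the extracted config.
C2_TEXT = """
98.147.155.235:443
85.52.73.34:2222
75.158.15.211:443
2.91.184.252:995
92.106.70.62:2222
85.152.152.46:443
86.159.48.25:2222
217.128.91.196:2222
92.11.189.236:2222
83.92.85.93:443
2.83.62.105:443
93.24.192.142:20
76.20.42.45:443
24.64.114.59:2078
73.36.196.11:443
130.43.99.103:995
172.117.139.142:995
100.16.107.117:443
12.172.173.82:22
176.151.15.101:443
"""


class Endpoint(NamedTuple):
    ip: str
    port: int


_LINE = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})\s*$")


def parse_c2(text: str) -> Set[Endpoint]:
    """Parse 'ip:port' lines; reject anything that is not a valid IPv4/TCP pair."""
    out: Set[Endpoint] = set()
    for line in text.splitlines():
        m = _LINE.match(line)
        if not m:
            continue  # blank line or stray text
        ip, port = m.group(1), int(m.group(2))
        ipaddress.IPv4Address(ip)  # raises ValueError on an octet > 255
        if not 0 < port < 65536:
            raise ValueError(f"bad port in {line!r}")
        out.add(Endpoint(ip, port))
    return out


def c2_ports(c2: Iterable[Endpoint]) -> List[int]:
    """Distinct destination ports; the non-443 ones stand out in egress review."""
    return sorted({e.port for e in c2})


def match_conn_log(lines: Iterable[str], c2: Set[Endpoint]) -> List[Tuple[str, str, Endpoint]]:
    """Match Zeek-conn-style TSV (ts, src, sport, dst, dport, proto) on exact ip:port.

    Exact pairs keep ordinary traffic to a listed IP on another port (e.g. :80)
    from alerting while the configured C2 port does.
    """
    hits = []
    for line in lines:
        if line.startswith("#"):
            continue  # Zeek header rows
        f = line.rstrip("\n").split("\t")
        if len(f) < 6 or f[5] != "tcp":
            continue
        ep = Endpoint(f[3], int(f[4]))
        if ep in c2:
            hits.append((f[0], f[1], ep))
    return hits


def suricata_rules(c2: Iterable[Endpoint], sid_base: int = 9000000) -> List[str]:
    """One alert rule per endpoint; sid_base is an assumed local SID range."""
    return [
        f'alert tcp $HOME_NET any -> {e.ip} {e.port} '
        f'(msg:"Qakbot BB08 C2 {e.ip}:{e.port}"; flow:to_server; '
        f'sid:{sid_base + i}; rev:1;)'
        for i, e in enumerate(sorted(c2))
    ]


# Constructed sample log (not from the report): two C2 hits, one same-IP/other-port miss, one benign.
SAMPLE_CONN_LOG = [
    "#fields\tts\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto",
    "1669628600.1\t10.0.0.15\t49821\t85.52.73.34\t2222\ttcp",
    "1669628601.4\t10.0.0.15\t49822\t98.147.155.235\t80\ttcp",
    "1669628602.9\t10.0.0.22\t49911\t93.24.192.142\t20\ttcp",
    "1669628603.2\t10.0.0.15\t49830\t93.184.216.34\t443\ttcp",
]

if __name__ == "__main__":
    c2 = parse_c2(C2_TEXT)
    print(f"{len(c2)} C2 endpoints, ports {c2_ports(c2)}")
    for ts, src, ep in match_conn_log(SAMPLE_CONN_LOG, c2):
        print(f"{ts} {src} -> {ep.ip}:{ep.port}")
    print(suricata_rules(c2)[0])
```

Matching on the full `ip:port` pair rather than on the IP alone matters for this family: Qakbot C2 nodes are typically compromised residential hosts, so the address may carry legitimate traffic on other ports, and these indicators age quickly, so treat the list as a snapshot tied to campaign 1669628564 rather than a durable blocklist.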

Targets

    • Target

      AS.js

    • Size

      136B

    • MD5

      44b9e02c0b127303cc0e717d18823419

    • SHA1

      ab7046247330661d92ee2e34157b51c767dba5f2

    • SHA256

      f08a39b2f64cba0c4a134cb758f4cf219b9cf0ea9026255304b37dcd5f225d50

    • SHA512

      e8b7b5d6341915d717ca84c66873916dd0f610897e33279ee6876cad471129d114a09c6805c684d236dfeb9f77dfbd5a68ea7b3b20925677f81332acf4d2086b

    • Qakbot/Qbot

      Qbot or Qakbot is a modular banking trojan and malware loader with worm-like self-propagation capabilities.

    • Checks computer location settings

      Looks up the country code configured in the registry; likely a geofence check to avoid executing in certain regions.

    • Loads dropped DLL

    • Target

      fix/unseaworthy.ps1

    • Size

      376B

    • MD5

      11c38dd47cefe941f8bf647a0d6b4779

    • SHA1

      a3cb39493e852de7cd71dc8cb66e549f75c25a15

    • SHA256

      4bbe2c643d69219c23f79fa56fb416b8fe4b10ebc9939f06b42c094229921b56

    • SHA512

      fc9e735f5a01e6eb0b43c6f379f5c6ef7c0dee49ca4f77025fcebe74d5f1cd61046ad7d3feb0249c9f66398e07311c0d7627a73cf94e423098ff339db0172e46

    Score
    1/10
    • Target

      fix/worrying.js

    • Size

      136B

    • MD5

      44b9e02c0b127303cc0e717d18823419

    • SHA1

      ab7046247330661d92ee2e34157b51c767dba5f2

    • SHA256

      f08a39b2f64cba0c4a134cb758f4cf219b9cf0ea9026255304b37dcd5f225d50

    • SHA512

      e8b7b5d6341915d717ca84c66873916dd0f610897e33279ee6876cad471129d114a09c6805c684d236dfeb9f77dfbd5a68ea7b3b20925677f81332acf4d2086b

    Score
    7/10
    • Checks computer location settings

      Looks up the country code configured in the registry; likely a geofence check to avoid executing in certain regions.

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry (T1012): 2

  • System Information Discovery (T1082): 4

Tasks