General

  • Target

    AU-241.iso

  • Size

    690KB

  • Sample

    221129-xlr1ssae9x

  • MD5

    44ecd5d441a42e083d0cd5ab1b22e4a4

  • SHA1

    337c0545cd6a23642a21bdf31c62042b58192eac

  • SHA256

    43bcc408d71dbfc53b0ffa2a7e2712a5c7acbc9f10d198490819856b85791a8a

  • SHA512

    64f71c9281ce8be6ace974ad801bf0f8d863420dbe4b32302331d56f5768f1b8c7642fe457011b50b88a68c7dcac23dd7cf513d709e47d37f23d2172e8c83a74

  • SSDEEP

    12288:vm1Mcw5EO6dHvDe0P3lx5EBto8BkfzNbuTyGrC6N2c2mcsAMzRGBRA4cZD:cMFEO6dHvDe0P335EXpUNSleQ2cYCGLc

Malware Config

Extracted

Family

qakbot

Version

404.46

Botnet

BB08

Campaign

1669628564

C2

Attributes

  • salt

    SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

    • Target

      AS.js

    • Size

      133B

    • MD5

      0aa7485dd437a8484cd3dd367b63df80

    • SHA1

      0d27470da0f86421835344447701b4e42ceff35a

    • SHA256

      eb92e0ebfb8c3987260ec897056cb34bea9b56cd0d2a24f782726fb2c9d55ef9

    • SHA512

      0a97af9b7e104279e43b9c910830dab7ed005928505888582ed109be36ce239c17406b50eb58d296e28253260d89beb5554ed8a0e1c9b9edcab196da56705621

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Loads dropped DLL

    • Target

      fix/bandying.ps1

    • Size

      376B

    • MD5

      e6266baf0bd5176832a6780efec07c5e

    • SHA1

      08b0e0eb232b4d8dc7bebf5da94b079e0da2aa86

    • SHA256

      77acf3abf891f9b6f8e595ab4c85b2fab3150ed11aecc88990d0c7f02275b044

    • SHA512

      f62666fe9754d46c065d8dd44b711ed0a7839f6097e5f194df6113ae78b1b06f6ea2f9fc1fbe353acc05e53a924ff8c01c9a0e047a45d8448666682382737072

    Score

    1/10

    • Target

      fix/gathering.js

    • Size

      133B

    • MD5

      0aa7485dd437a8484cd3dd367b63df80

    • SHA1

      0d27470da0f86421835344447701b4e42ceff35a

    • SHA256

      eb92e0ebfb8c3987260ec897056cb34bea9b56cd0d2a24f782726fb2c9d55ef9

    • SHA512

      0a97af9b7e104279e43b9c910830dab7ed005928505888582ed109be36ce239c17406b50eb58d296e28253260d89beb5554ed8a0e1c9b9edcab196da56705621

    Score

    7/10

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

MITRE ATT&CK Matrix ATT&CK v6

Discovery

Query Registry

2
T1012

System Information Discovery

4
T1082

Tasks