Resubmissions

09-12-2022 20:54

221209-zqdp3sec62 10

01-12-2022 16:23

221201-tvtzzafd56 10

General

  • Target

    QI-504.iso

  • Size

    101MB

  • Sample

    221201-tvtzzafd56

  • MD5

    4bc5990fda10d02ed454c05f5cfd3bd3

  • SHA1

    2e1b7a52371507cbabb0b919fc78b299736816f1

  • SHA256

    646c5b0bc32d7f37a4370756116b820e9231ef929308f42e89a32ea5d3427d26

  • SHA512

    9011115585b916ebd85c4e7b4c324003e9be45697c691223112f5885020565617cd714bcdb0cbeb9f7f09847a2c4ea850c2e4253a15d5c42aaf24d289ce9a965

  • SSDEEP

    24576:CIfK3N4K+aqMMmz/WdxrN81BK9pBBuWb:Cr5CMMqAxCK9pBBuWb

Malware Config

Extracted

Family

qakbot

Version

404.46

Botnet

BB08

Campaign

1669628564

C2


Attributes
  • salt

    SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

    • Target

      BF.vbs

    • Size

      177B

    • MD5

      91b730e7dd7e89e87d7e7e67b0c695a4

    • SHA1

      c610f358633edc0420b6af9d23ce36ceca36fbf9

    • SHA256

      374a6cc6ce512f4e60bb980547b85ff6aae7b83240a558b19aefe1d4ca93932d

    • SHA512

      16442554df51c41527f4ebf79280f5fc90728c23e34dfe841d55a65ad828b83d6b879f5fd6ff1077acda38fa62893cad08136b96e39cefcc17f1c6ff8f399757

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Target

      teased/inventions.vbs

    • Size

      177B

    • MD5

      91b730e7dd7e89e87d7e7e67b0c695a4

    • SHA1

      c610f358633edc0420b6af9d23ce36ceca36fbf9

    • SHA256

      374a6cc6ce512f4e60bb980547b85ff6aae7b83240a558b19aefe1d4ca93932d

    • SHA512

      16442554df51c41527f4ebf79280f5fc90728c23e34dfe841d55a65ad828b83d6b879f5fd6ff1077acda38fa62893cad08136b96e39cefcc17f1c6ff8f399757

    Score
    7/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      teased/phallic.ps1

    • Size

      364B

    • MD5

      6e7cf38081b202b76d7fd016655fb768

    • SHA1

      b9afacb0bb1c48d50503a5065df9ab07e80cde7a

    • SHA256

      61ab7ec54c252b9ed26568d22c57496b8386d9c26fbbaa978970dcdd42b0e0c3

    • SHA512

      8d75549e5c80fbf7c2eb51be45a596c253c37e99e5b8c403327b617861b4f4efd66152cf6270a49436dd4163437a846f7b63dd3aa0d5d9f5f5a4b98714b90e05

    Score
    1/10

MITRE ATT&CK Matrix ATT&CK v6

Discovery

Query Registry

2
T1012

System Information Discovery

4
T1082

Tasks