General

  • Target

    files.zip

  • Size

    357KB

  • Sample

    221202-cr79radf26

  • MD5

    9f11b3fc75f504fe13f9b34b9b9921e3

  • SHA1

    9377422d49dd45fd4f24a50c705200a0b8345866

  • SHA256

    a1b66e55154994c6c51ce9d8d258d7226e16446118d4941b8a357bf5039100cb

  • SHA512

    dae48339b872b2c9da7955836990a4b575b328c80caffb449c018d7573855108db0d22336e9484d8d66b273673db0343d1beb0b4aa0f1fe0127392c2680af27d

  • SSDEEP

    6144:KPWNfp2ix9ax6u0pkDKXFlgKjQjI0xZd2MJeYAbFT0jOt2sXnCcFMWT+NVWAz:KOZ4ix9ax6u0pplgKjQ00bd2pPL5XnCz

Malware Config

Extracted

Family

qakbot

Version

404.46

Botnet

obama224

Campaign

1669794048

C2


Attributes

salt

SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

    • Target

      00203 Dec 01.lnk

    • Size

      955B

    • MD5

      0de80f41a5cd33356cd00fb77e131d87

    • SHA1

      69536b00f79c7edbbd093d1efd5ead9751e23991

    • SHA256

      0d7cde36eea88e200ee81a96749d5338054af864851b01627a80bba73efc03ca

    • SHA512

      2e596c3792e9a0f8a524c229bb300d3d66bfd15f75f4b0900019b503051ebd692e33ef68f807ac84daac89f3306e70c6b7d9f0c1fe93cb7a3585bcd019be78f5

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Target

      1099.dll

    • Size

      600KB

    • MD5

      7270877051f4ce89a7067c6bb2f9268b

    • SHA1

      a12170aea707e2185692c429e2972b819acc9cc3

    • SHA256

      ad2ca74575501e503a5ca929529d3e2d19c94d464657203891dd80e1a20365bb

    • SHA512

      c25bcf7d513230ab6192649b379723bd82f794f7bf703ed1f2d18acb53795a2673859d11eb8ba6cd80696e2e85d3ecb9988b07496fbb10d1ef951bc21952eecb

    • SSDEEP

      12288:QSUUEfo5I6/o2qgkpUd99Msme0CWUdOWk4F:QSTiWDvLBRme0C0Wk4

    Score
    1/10

MITRE ATT&CK Matrix

Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks