General
-
Target
files.zip
-
Size
357KB
-
Sample
221202-cr79radf26
-
MD5
9f11b3fc75f504fe13f9b34b9b9921e3
-
SHA1
9377422d49dd45fd4f24a50c705200a0b8345866
-
SHA256
a1b66e55154994c6c51ce9d8d258d7226e16446118d4941b8a357bf5039100cb
-
SHA512
dae48339b872b2c9da7955836990a4b575b328c80caffb449c018d7573855108db0d22336e9484d8d66b273673db0343d1beb0b4aa0f1fe0127392c2680af27d
-
SSDEEP
6144:KPWNfp2ix9ax6u0pkDKXFlgKjQjI0xZd2MJeYAbFT0jOt2sXnCcFMWT+NVWAz:KOZ4ix9ax6u0pplgKjQ00bd2pPL5XnCz
Static task
static1
Behavioral task
behavioral1
Sample
00203 Dec 01.lnk
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
00203 Dec 01.lnk
Resource
win10v2004-20220901-en
Behavioral task
behavioral3
Sample
1099.dll
Resource
win7-20221111-en
Behavioral task
behavioral4
Sample
1099.dll
Resource
win10v2004-20220812-en
Malware Config
Extracted
Family |
qakbot |
Version |
404.46 |
Botnet |
obama224 |
Campaign |
1669794048 |
C2 |
75.161.233.194:995 216.82.134.218:443 174.104.184.149:443 173.18.126.3:443 87.202.101.164:50000 172.90.139.138:2222 184.153.132.82:443 185.135.120.81:443 24.228.132.224:2222 87.223.84.190:443 178.153.195.40:443 24.64.114.59:2222 77.126.81.208:443 75.99.125.235:2222 173.239.94.212:443 98.145.23.67:443 109.177.245.176:2222 72.200.109.104:443 12.172.173.82:993 82.11.242.219:443 92.149.205.238:2222 183.82.100.110:2222 176.142.207.63:443 92.24.200.226:995 69.119.123.159:2222 91.169.12.198:32100 64.121.161.102:443 124.122.55.68:443 12.172.173.82:995 85.231.105.49:2222 94.63.65.146:443 176.133.4.230:995 213.67.255.57:2222 90.89.95.158:2222 156.217.158.177:995 88.126.94.4:50000 87.57.13.215:443 102.159.83.36:443 121.122.99.223:995 216.196.245.102:2222 12.172.173.82:465 78.69.251.252:2222 76.80.180.154:995 75.143.236.149:443 109.11.175.42:2222 221.161.103.6:443 74.92.243.113:50000 75.98.154.19:443 47.41.154.250:443 49.175.72.56:443 81.229.117.95:2222 92.189.214.236:2222 83.92.85.93:443 108.162.6.34:443 84.35.26.14:995 136.232.184.134:995 188.54.99.243:995 93.24.192.142:20 75.84.234.68:443 71.31.101.183:443 80.13.179.151:2222 184.155.91.69:443 76.100.159.250:443 24.64.114.59:3389 46.246.245.152:995 70.115.104.126:995 197.2.209.208:995 50.90.249.161:443 70.66.199.12:443 216.196.245.102:2083 182.66.197.35:443 142.161.27.232:2222 76.127.192.23:443 92.207.132.174:2222 174.77.209.5:443 12.172.173.82:21 199.83.165.233:443 74.66.134.24:443 77.86.98.236:443 90.104.22.28:2222 71.247.10.63:50003 108.6.249.139:443 184.176.154.83:995 81.198.136.151:995 80.0.74.165:443 71.247.10.63:995 174.58.146.57:443 69.133.162.35:443 50.68.204.71:995 24.64.114.59:61202 47.34.30.133:443 12.172.173.82:50001 75.158.15.211:443 216.196.245.102:2078 181.164.194.228:443 193.154.207.221:443 213.191.164.70:443 197.92.135.188:443 172.117.139.142:995 76.20.42.45:443 24.64.114.59:2078 73.36.196.11:443 58.247.115.126:995 73.155.10.79:443 92.98.72.220:2222 84.113.121.103:443 2.50.47.109:443 12.172.173.82:990 106.212.18.255:995 98.147.155.235:443 92.106.70.62:2222 108.44.207.232:443 24.206.27.39:443 130.43.99.103:995 50.68.204.71:993 71.46.234.171:443 108.162.6.34:995 24.142.218.202:443 166.62.145.54:443 |
Attributes |
salt SoNuce]ugdiB3c[doMuce2s81*uXmcvP |
Targets
-
-
Target
00203 Dec 01.lnk
-
Size
955B
-
MD5
0de80f41a5cd33356cd00fb77e131d87
-
SHA1
69536b00f79c7edbbd093d1efd5ead9751e23991
-
SHA256
0d7cde36eea88e200ee81a96749d5338054af864851b01627a80bba73efc03ca
-
SHA512
2e596c3792e9a0f8a524c229bb300d3d66bfd15f75f4b0900019b503051ebd692e33ef68f807ac84daac89f3306e70c6b7d9f0c1fe93cb7a3585bcd019be78f5
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
-
-
Target
1099.dll
-
Size
600KB
-
MD5
7270877051f4ce89a7067c6bb2f9268b
-
SHA1
a12170aea707e2185692c429e2972b819acc9cc3
-
SHA256
ad2ca74575501e503a5ca929529d3e2d19c94d464657203891dd80e1a20365bb
-
SHA512
c25bcf7d513230ab6192649b379723bd82f794f7bf703ed1f2d18acb53795a2673859d11eb8ba6cd80696e2e85d3ecb9988b07496fbb10d1ef951bc21952eecb
-
SSDEEP
12288:QSUUEfo5I6/o2qgkpUd99Msme0CWUdOWk4F:QSTiWDvLBRme0C0Wk4
Score1/10 -
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation