Resubmissions

02-12-2022 16:07

221202-tkqjssge4v 10

02-12-2022 14:05

221202-rd1p3shf7w 8

02-12-2022 13:33

221202-qtte9scb96 10

General

  • Target

    WP#5563.html

  • Size

    1MB

  • Sample

    221202-tkqjssge4v

  • MD5

    95ed47cde1fb0eb6dacc8b4670ebb6b7

  • SHA1

    521c360dcaa32e3eff2f428b86f8addd4ab8be6b

  • SHA256

    e9aa4f42f9605ed58f0b2a834f661456338208afc9d5397c490c80f617359e52

  • SHA512

    134dd937ef7261413a69503305e250aab3e181821b507c5a4519854ebc2c0ce07d0bbea3f15f3996178e9b027aa4e9cbb8aba7e966d11f68db7264c6e2652998

  • SSDEEP

    24576:mJ2sDzVQSb1YgNQPBNbCmsJOGXwllO3gmpeV+3uYNYhtpVE:m8mNtlmSOZi7pt+/u

Malware Config

Extracted

Family

qakbot

Version

404.46

Botnet

obama224

Campaign

1669794048

C2

75.161.233.194:995

216.82.134.218:443

174.104.184.149:443

173.18.126.3:443

87.202.101.164:50000

172.90.139.138:2222

184.153.132.82:443

185.135.120.81:443

24.228.132.224:2222

87.223.84.190:443

178.153.195.40:443

24.64.114.59:2222

77.126.81.208:443

75.99.125.235:2222

173.239.94.212:443

98.145.23.67:443

109.177.245.176:2222

72.200.109.104:443

12.172.173.82:993

82.11.242.219:443

Attributes

salt

SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

    • Target

      WP#5563.html

    • Size

      1MB

    • MD5

      95ed47cde1fb0eb6dacc8b4670ebb6b7

    • SHA1

      521c360dcaa32e3eff2f428b86f8addd4ab8be6b

    • SHA256

      e9aa4f42f9605ed58f0b2a834f661456338208afc9d5397c490c80f617359e52

    • SHA512

      134dd937ef7261413a69503305e250aab3e181821b507c5a4519854ebc2c0ce07d0bbea3f15f3996178e9b027aa4e9cbb8aba7e966d11f68db7264c6e2652998

    • SSDEEP

      24576:mJ2sDzVQSb1YgNQPBNbCmsJOGXwllO3gmpeV+3uYNYhtpVE:m8mNtlmSOZi7pt+/u

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Matrix

Tactics (matrix columns): Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation