Resubmissions

06-12-2022 06:15

221206-gzxv7sbc77 3

02-12-2022 17:00

221202-vjcrzsbc51 10

General

  • Target

    Claim_PE84.vhd

  • Size

    2MB

  • Sample

    221202-vjcrzsbc51

  • MD5

    2fe68553beb0a7b084f1b349d6551d9c

  • SHA1

    c7e8f7b9313e876b10623840989fb07c00203930

  • SHA256

    edcb8d8e80eb826ec95ed9ccdc1d4470c3edd1782350187fc9bcd776c6d96095

  • SHA512

    cf9d306a0948217c32dd865a1926c18405cb0e24aef2eadd4bdd81bf9376783fa1a44de90ddc0926e4e6f41094cff99869b325b6d22a200f8f8161ee177fc0a1

  • SSDEEP

    24576:/wWw8wewswUwBw6gwsw3wTOZqHk2JajfRO8:/wWw8wewswUwBw6gwsw3waZaUY8

Malware Config

Extracted

Family

qakbot

Version

404.46

Botnet

obama225

Campaign

1669974461

C2


Attributes

  • salt

    SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

    • Target

      Claim_PE84.vhd

    • Size

      2MB

    • MD5

      2fe68553beb0a7b084f1b349d6551d9c

    • SHA1

      c7e8f7b9313e876b10623840989fb07c00203930

    • SHA256

      edcb8d8e80eb826ec95ed9ccdc1d4470c3edd1782350187fc9bcd776c6d96095

    • SHA512

      cf9d306a0948217c32dd865a1926c18405cb0e24aef2eadd4bdd81bf9376783fa1a44de90ddc0926e4e6f41094cff99869b325b6d22a200f8f8161ee177fc0a1

    • SSDEEP

      24576:/wWw8wewswUwBw6gwsw3wTOZqHk2JajfRO8:/wWw8wewswUwBw6gwsw3waZaUY8

    Score
    3/10
    • Target

      Claim.lnk

    • Size

      1KB

    • MD5

      2f8f51992462ce218dfee554c976510e

    • SHA1

      c92a3e2337bdd16f211299d0ae6b2336f9270a96

    • SHA256

      e2f568bba1216700f7ac0a6ee76c742298485a90bdc80a2002798ba304e68b3a

    • SHA512

      3a175e08f0bc6601952cb582e95ecadb0e89d57c5e7d59e27d5f7919056d13d087c424d9f3a32de6a974fd910536f0c9005ef8596fb07b5f4490daabb8f3e072

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      respondents/advisement.txt

    • Size

      287KB

    • MD5

      630a60d58ac49dbdf0beb3c942320326

    • SHA1

      ddde4b191d395681bc2176bbe9396f5ce23650a7

    • SHA256

      8596b246ead10fce32b37b9b35b5477b4bd4e1052cbb7213f49fc984bb8dc501

    • SHA512

      15d21b346578d2a3919b2af6a5e7fc0e43e8e8ba87305ccc18fe05029ccdd1abc45e9651cd6fd40f2c61bebaa85a317d7a3a7320a4f8ea3d89f084477115fbe0

    • SSDEEP

      6144:zdGSnwpTS3vPwlkBnwcGSvjwiOVgNw8RtSkOhAnwKswruCdwswnFNwu:JwWw8wewiO4wCOAwBw6gwsw3wu

    Score
    1/10
    • Target

      respondents/crossbar.tmp

    • Size

      444KB

    • MD5

      5ddfeb10cd4a64cd2534f2d7d5876ffd

    • SHA1

      270999d10c77d209a9f291f0bdb2596064f190fb

    • SHA256

      8cb21de414adf9b4f81d2aaac1ba2e947f09a1913b4541d5ff59ef262efefa5d

    • SHA512

      62422f2700c83f13c4480b54dc63373370764903a017f375afd590ba0ba5498f0c919ebc13732bbddab44b03c4340a2876320e95d505a728c9c62dee65420151

    • SSDEEP

      12288:BWyGWZDZVFkHkmqnfsd5Ja46fDV3+QWc2:AOZqHk2JajfRO8

    • Target

      respondents/ibidem.cmd

    • Size

      225B

    • MD5

      44aa33a9891f351cf4be4105b0c343f5

    • SHA1

      540533433c3eb095d8974ce5f7ef7986ef338ee7

    • SHA256

      7a676b74f870a8e12a49d62a89f5fa13cc3b1f6e43d160436f4bec08dbfe6101

    • SHA512

      e93c0876e485fd4d6e5456215a64fc550cb335f32fcfb914d1b205bb17bc63c5ee7333af225f46b34947731a369ab2e46c90a9892db9a03509f2ddec89a817d3

    Score
    1/10
    • Target

      respondents/suspect.cmd

    • Size

      283B

    • MD5

      99838a4fa2fbb0955a78f3fe97212626

    • SHA1

      32a16917424cf9f98ffac8737b8293d268c27aec

    • SHA256

      6ce73c1af6962cd08164173eeab0c367c069c2d0a583ef7f92ddbf3ef3a5bfa9

    • SHA512

      1317ab6f713d897c5f4a445ee476440fe3140b13cc6f40fee4cdbe3f1d6d04c14c7f0ef8f2e83bdecacac1a54e55e87a1ee7547dae49520439379fd99a5215a7

    Score
    1/10

MITRE ATT&CK Matrix

  • Collection
  • Command and Control
  • Credential Access
  • Defense Evasion
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Persistence
  • Privilege Escalation

Tasks