Resubmissions

09-12-2022 21:32

221209-1dstxaed64 10

02-12-2022 18:04

221202-wnkttsag55 10

General

  • Target

    1.vhd

  • Size

    80.0MB

  • Sample

    221202-wnkttsag55

  • MD5

    47395a0c73277e2b3030059c8348481f

  • SHA1

    a8c0938aa1f7ad8ebabee5257a522c1c78f5d393

  • SHA256

    88e42a81204400406c5d5daf6835b044b6dfda92d39a14b627519c043131cb87

  • SHA512

    c15c6d647f950da470ab2118daf05632ebb726e561aedc692ada9ee74bc6f320d49be8283ee345476b02484ef46f061c3e2cbf3b7964cec4bc18451ca80ee50a

  • SSDEEP

    12288:hSUUEfo5I6/o2qgkpUdF9Msme0CWUdOWk4F:hSTiWDvLpRme0C0Wk4

Malware Config

Extracted

Family

qakbot

Version

404.46

Botnet

obama224

Campaign

1669794048

C2

75.161.233.194:995

216.82.134.218:443

174.104.184.149:443

173.18.126.3:443

87.202.101.164:50000

172.90.139.138:2222

184.153.132.82:443

185.135.120.81:443

24.228.132.224:2222

87.223.84.190:443

178.153.195.40:443

24.64.114.59:2222

77.126.81.208:443

75.99.125.235:2222

173.239.94.212:443

98.145.23.67:443

109.177.245.176:2222

72.200.109.104:443

12.172.173.82:993

82.11.242.219:443

Attributes

  • salt

    SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

    • Target

      14238 Dec 01.lnk

    • Size

      953B

    • MD5

      0eb6998fbb37df38c39d5346e7a32f51

    • SHA1

      557547cf6bb3081676aaeb1dfaa4562897560b38

    • SHA256

      1adf85a012187b3d42d8824b81965fb90956ebac433d49c44a4d2a34b4b6f0ed

    • SHA512

      179f9d90c40f2446b29854eb855647ab87c742b9e077b49da2eadbbdf4b30cfdecdf3b8714d9d90efda954b3b3f0255dd89f5869b142fc3360223e4b1e447517

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Target

      349.dll

    • Size

      600KB

    • MD5

      a2c8f0195135c0ea77e12a20db571a38

    • SHA1

      522f5bbd467765a4855395a5f65f517eb7f9b42f

    • SHA256

      b403ccd5d11f898d0e183317d35785b8cc42884604fe934d8f70ea189abdc9dd

    • SHA512

      15ce93148cd97cf4aeb5250e86fd2fe3405a0254cb06580f1f2af24a115e7723dad5e54a63a66ccecbc5ee844938e0618bdcb8c2717e1975bb21359d663369ca

    • SSDEEP

      12288:QSUUEfo5I6/o2qgkpUdF9Msme0CWUdOWk4F:QSTiWDvLpRme0C0Wk4

    Score
    1/10

MITRE ATT&CK Matrix ATT&CK v6

Discovery

  • Query Registry (T1012): 1

  • System Information Discovery (T1082): 2

Tasks