Resubmissions

  • 05-12-2022 21:51  221205-1qneysag86  10
  • 05-12-2022 21:11  221205-z1sa8abc2y  10
  • 05-12-2022 21:02  221205-zvs1kaaf4t  10
  • 05-12-2022 19:59  221205-yqdjmsbd53  10

General

  • Target: LG48.vhd
  • Size: 2MB
  • Sample: 221205-yqdjmsbd53
  • MD5: 256fec95be295bcae1a17fc5576c46d9
  • SHA1: a0a5686450bb285586f7f2b9b91f17fb82bc984b
  • SHA256: dab71aa920bad2c39ec03be571f5ca971f5eede573b5ccf96fe6ee1b9b93ed73
  • SHA512: 99f5b4565c2ff56da9fdbc3d0f88670b92ebbd269ebbb1ddb13adb7bf9e893fa1bdf57132ce772de9e5c55531e4ac368a1d5bcbec7e125f5ba9bb928de68cc1d
  • SSDEEP: 24576:xzoHJHgGHHHHIwPwBgBVwNqGDKkSYu5tjVi:xzoHJHgGHHHHIwPwBgLgqsK15tjM

Malware Config

Extracted

  • Family: qakbot
  • Version: 404.46
  • Botnet: BB09
  • Campaign: 1670238005
  • C2:
      76.100.159.250:443
      66.191.69.18:995
      186.64.67.9:443
      50.90.249.161:443
      109.150.179.158:2222
      92.149.205.238:2222
      86.165.15.180:2222
      41.44.19.36:995
      78.17.157.5:443
      173.18.126.3:443
      75.99.125.235:2222
      172.90.139.138:2222
      27.99.45.237:2222
      91.68.227.219:443
      12.172.173.82:993
      103.144.201.62:2078
      12.172.173.82:990
      173.239.94.212:443
      91.169.12.198:32100
      24.64.114.59:2222
  • Attributes:
      salt: SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

    • Target: HG.lnk
    • Size: 1KB
    • MD5: fbb437f912ab97ae5f0fdc6cc76c8fef
    • SHA1: a179f76893355a8ff05bc7f3576fa1f5b9194982
    • SHA256: 36a24720c23d86511b2855440082c28f695e12f55327efef3e97142cfe80a54c
    • SHA512: 984f7abbde02ce5d491e8abb20dbb06ecbb8583437e3e5c2f5cc91798d8c8bb8d51a5f4f52edcfe7c11e74997cb51efc296b0f634f5f65589c5278a47cc323da
    • Qakbot/Qbot: Qbot or Qakbot is a sophisticated worm with banking capabilities.
    • Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.

    • Target: discoveries/dispersers.cmd
    • Size: 291B
    • MD5: 0113de80cf8c28384998b91527148ca4
    • SHA1: 24a2564b57b49dcf65402a776422173aa8b2b86a
    • SHA256: feb1857e7ce32fbee82dfa8a0f4d53deed9a7ea841122cd4a8c84c5d43c61439
    • SHA512: eefb2612b57921bbc8fcf80ae7ceb61844f2a509d03e3e19a02d9736dd63f5d1bde735c552e990d5332e874d8394ed442fb1c94fb13dc17eba172de96c63e007
    • Score: 1/10

    • Target: discoveries/erect.tmp
    • Size: 667KB
    • MD5: e8d95feadab525fb0d43b040a02e05ab
    • SHA1: 1e22feca8821afccc712455b6bce10dfdc95728a
    • SHA256: c6887e515b36694e8e738c0df7610014e084bcce80ee13c998087471daf039a4
    • SHA512: f154e2e188fd96e3a20c713a07f3afed35e96810e8810616b1bb86ee1677d9ceb4eaae0a9b52066442e04c489e6395b59f642bf83976b4c68caea0c5b9bd6b9d
    • SSDEEP: 6144:JxE9vbMKBWrQXhjXNkXWaw0SeUK/SZmtoLOAuUW4xSY2H6+5tjesNMjuX+yM3H59:nV6Wrg9NqGcUKajSYu5tjz5niH9km
    • Score: 1/10

    • Target: discoveries/pests.cmd
    • Size: 225B
    • MD5: 54a0471de5cf99c55984b4574f580c6c
    • SHA1: c73c4f2bcf3d3efbe8129fdee3d51f3a30418fc0
    • SHA256: 1f4a42651773cbef4b463ea466b760b1fafa24eaa629743152090e9f102884c4
    • SHA512: 2ccde80ce8cd872b4b74e4a715da70e58d4cdb00890f43467de3312ce6e4513da5256c1b89fc56ffeadbedab322ae06ac23aa568b570698355e86135dccf815c
    • Score: 1/10

MITRE ATT&CK Matrix

  Columns: Collection | Command and Control | Credential Access | Defense Evasion | Execution | Exfiltration | Impact | Initial Access | Lateral Movement | Persistence | Privilege Escalation | Tasks