Resubmissions

  • 05-12-2022 21:11, sample 221205-z14z1sbc4z, score 10
  • 05-12-2022 21:02, sample 221205-zvg83aae9z, score 10
  • 05-12-2022 20:55, sample 221205-zqp34sab9t, score 10

General

  • Target

    Claim_BR81.vhd

  • Size

    2MB

  • Sample

    221205-z14z1sbc4z

  • MD5

    668c49b52717db4e027f71fb9df07db8

  • SHA1

    81be3bcec43dd655699da05a018868ab6d177764

  • SHA256

    39f4de6c82203a2769745f568198d028d37f0ec72792adb18de98a958f59e968

  • SHA512

    387a5533a555b6656ebd1385d302e8cfd5f08b929138a7e51f09c548a3f55b9b0de7993d01e88075dcc3aabe9afed18a88446f94c225560c87e51488c5231bd8

  • SSDEEP

    12288:dTyGpWTgZEWyGWZDZCFkHkmqnfsd5Ja46fDV3+QWc2:d5pWTgZnOZtHk2JajfRO8

Malware Config

Extracted

Family

qakbot

Version

404.46

Botnet

obama225

Campaign

1669974461

C2


Attributes

  • salt

    SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

    • Target

      Claim.lnk

    • Size

      1KB

    • MD5

      de308aec56de0b862231a6bb649a7f93

    • SHA1

      0c7a02535887510c5a79393cbe9de3ed8d98127b

    • SHA256

      1140a8cc4e36d99308587e748054342528744809cfea8eea9ccd945f874c662a

    • SHA512

      a6d96ea68afc028edd8ed06d6d77cc8c64727401bfcde78aff719a94e940eab7d8fdf1b336444a5db9f7e961bfda381aabb7cb34de9cd9d24a38bf6344a5daff

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      undampened/purposeful.tmp

    • Size

      444KB

    • MD5

      db0613fd8f2fbfbf632d9ffdcf6fe92e

    • SHA1

      349e322ce539d3c8be9fa67484d67d4ef0f70493

    • SHA256

      33a9e7369a1d9a143497432eebd271e566feb200c5ec6ce54d4e367c29882adb

    • SHA512

      f2033178729ff9c5a6ea8301b441e23093bc8136931715cb48c65cfd10fae7c538e65c295f1a95f879f7aea9b6fb995a0a95d8dade125fc24280bff0ea95c0af

    • SSDEEP

      12288:BWyGWZDZCFkHkmqnfsd5Ja46fDV3+QWc2:AOZtHk2JajfRO8

    • Target

      undampened/reassembly.cmd

    • Size

      285B

    • MD5

      0e1d1b53085414be80108431a3ee03ec

    • SHA1

      23d01d536acdf7d9cfaabcf97c63ad435652e6da

    • SHA256

      d25cf833e6fb446b1c38fee115eb1a1bfb70657ada48f5f20dce799ddade625f

    • SHA512

      3ed5af192d5d95be221c279c256c404128a2ef9ac70f48057e5db671566ddbf371d953d45616e29fc6e4008a04c51fa3c3743a388bee03f91a7a5594209a279d

    • Score

      1/10

    • Target

      undampened/risibly.cmd

    • Size

      219B

    • MD5

      172e43861b3f0e6ab44c301eeaf38c72

    • SHA1

      abd8de568772fcaceeb526aba05f75bde1dfbafa

    • SHA256

      c8367127ed0b2d0d388e151912fbba14ff4e4ba70174b693523566ddda272473

    • SHA512

      67f92a17a4f1f03efa11a62f7ce2967457592b7f25118f872c046c926931b6d9dc9022546e182ff4d7488049aecdca5056cbd10bf4ee0a3a17a6d2925403b58d

    • Score

      1/10

MITRE ATT&CK Matrix

Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation