Resubmissions

    05-12-2022 21:32    221205-1dpr9ahe72    score 10
    05-12-2022 21:12    221205-z2lj3abc8x    score 10
    05-12-2022 17:34    221205-v5vvpaeb7t    score 10

General

  • Target

    b2c1a42235871224b3afb06b931a4aa6a0d074c0953a1469bc6358cedcf75d3a.vhd

  • Size

    2MB

  • Sample

    221205-z2lj3abc8x

  • MD5

    fd765e768b7703d955ca8073a4b82030

  • SHA1

    eedd6f668348f718ed2ccd8863d973ac6ce51f59

  • SHA256

    b2c1a42235871224b3afb06b931a4aa6a0d074c0953a1469bc6358cedcf75d3a

  • SHA512

    7ecee45612b04abaf619829ee4bb0e108752ea07ed84989fd751f92752e6324faf9a15b46d7985b661d84d3a9763d558136e4a32c3fdd25798d322bc432dbacb

  • SSDEEP

    12288:L+hfiNzqkalTfvvHWiYj7amQZGTcpC20ZsGOIBrupfJ:L+hnXWi+2pZG4UP6nIBrUJ

Malware Config

Extracted

Family

qakbot

Version

404.46

Botnet

BB08

Campaign

1669902931

C2

71.46.234.171:443

50.68.204.71:443

186.28.89.170:995

50.68.204.71:993

62.31.130.138:465

152.170.17.136:443

108.162.6.34:995

24.142.218.202:443

67.61.71.201:443

65.95.85.172:2222

50.232.21.70:995

76.184.95.190:993

47.16.69.220:2222

178.169.196.115:443

184.64.44.21:443

12.172.173.82:22

77.126.81.208:443

38.69.136.177:995

174.104.184.149:443

173.18.126.3:443

Attributes

  • salt

    SoNuce]ugdiB3c[doMuce2s81*uXmcvP
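
The extracted configuration above is the part of this report that turns directly into detection. The following Python helper is an added example, not part of the sandbox report or of any Qakbot tooling: it parses the config block exactly as printed on this page, groups the C2 list by port (blocking 443 alone would miss the 995/993/465/2222/22 endpoints), decodes the Campaign value 1669902931 as a Unix timestamp, and scans firewall log lines for outbound connections to an extracted C2. The log lines are constructed for the example; the log format and the `ip_only` option are assumptions. Qakbot's first-tier C2 nodes are usually infected hosts relaying traffic, so match on the full host:port pair by default and expect these indicators to age quickly.

```python
"""Triage helper for the Qakbot config extracted above (added example, not from
the report).  Parses the config, groups C2s by port, decodes the campaign ID as a
Unix timestamp and scans firewall logs for connections to the extracted C2s."""
from collections import defaultdict
from datetime import datetime, timezone
import ipaddress
import re

# Extracted config, copied verbatim from the report above (real values).
EXTRACTED_CONFIG = """\
Family qakbot
Version 404.46
Botnet BB08
Campaign 1669902931
C2 71.46.234.171:443
C2 50.68.204.71:443
C2 186.28.89.170:995
C2 50.68.204.71:993
C2 62.31.130.138:465
C2 152.170.17.136:443
C2 108.162.6.34:995
C2 24.142.218.202:443
C2 67.61.71.201:443
C2 65.95.85.172:2222
C2 50.232.21.70:995
C2 76.184.95.190:993
C2 47.16.69.220:2222
C2 178.169.196.115:443
C2 184.64.44.21:443
C2 12.172.173.82:22
C2 77.126.81.208:443
C2 38.69.136.177:995
C2 174.104.184.149:443
C2 173.18.126.3:443
"""


def parse_config(text):
    """Return {'family':..., 'version':..., 'botnet':..., 'campaign':..., 'c2': [(ip, port), ...]}."""
    cfg = {"c2": []}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        key, _, value = line.partition(" ")
        if key == "C2":
            host, _, port = value.rpartition(":")
            ipaddress.ip_address(host)  # raises ValueError on a malformed entry
            cfg["c2"].append((host, int(port)))
        else:
            cfg[key.lower()] = value
    return cfg


def campaign_timestamp(cfg):
    """Qakbot campaign IDs are Unix epoch seconds; decode to an aware UTC datetime."""
    return datetime.fromtimestamp(int(cfg["campaign"]), tz=timezone.utc)


def c2_by_port(cfg):
    """Group C2 hosts by destination port to see which egress ports need coverage."""
    by_port = defaultdict(list)
    for host, port in cfg["c2"]:
        by_port[port].append(host)
    return dict(by_port)


# Constructed firewall log lines (assumed format, not from the report).  Line 4 hits a
# C2 IP on a port the config does not list; only ip_only=True reports it.
SAMPLE_LOG = """\
2022-12-05T21:15:02Z ALLOW TCP 10.0.0.23:49712 -> 71.46.234.171:443
2022-12-05T21:15:03Z ALLOW TCP 10.0.0.23:49713 -> 142.250.74.36:443
2022-12-05T21:15:09Z ALLOW TCP 10.0.0.23:49720 -> 65.95.85.172:2222
2022-12-05T21:15:11Z ALLOW TCP 10.0.0.44:51001 -> 50.68.204.71:80
"""

LOG_RE = re.compile(r"^(?P<ts>\S+) \S+ \S+ (?P<src>\S+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$")


def find_c2_hits(cfg, log_text, ip_only=False):
    """Return log lines whose destination matches an extracted C2 endpoint.

    ip_only=False matches the exact ip:port pair (fewer false positives, since these
    are compromised residential hosts); ip_only=True matches any port on a C2 IP."""
    endpoints = set(cfg["c2"])
    c2_ips = {host for host, _ in cfg["c2"]}
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        dst = (m["dst"], int(m["dport"]))
        if dst in endpoints or (ip_only and m["dst"] in c2_ips):
            hits.append({"ts": m["ts"], "src": m["src"], "c2": f"{dst[0]}:{dst[1]}"})
    return hits


if __name__ == "__main__":
    cfg = parse_config(EXTRACTED_CONFIG)
    print("campaign built", campaign_timestamp(cfg).isoformat())
    for port, hosts in sorted(c2_by_port(cfg).items()):
        print(f"port {port}: {len(hosts)} C2 host(s)")
    for hit in find_c2_hits(cfg, SAMPLE_LOG):
        print("C2 contact", hit)
```

Run stand-alone it prints the campaign build time (2022-12-01 13:55:31 UTC, four days before these submissions), the per-port C2 counts and the two exact-match log hits. Feeding it real egress logs only requires adapting `LOG_RE`.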

Targets

    • Target

      CX.lnk

    • Size

      1KB

    • MD5

      2cf243993914e5e59bb3f2336a1cec7e

    • SHA1

      7985e21c3d6426b9aa6943a5849a0c6b69bfe1ed

    • SHA256

      3b718372bc32b024b122a866999b4a6b3e67a0efe57803417700828203f2f78a

    • SHA512

      0d14ba36241244a0eb70dc52621f445f39450dec88bb4f148675e2b7b2db2870bd1ea00fe1af6fae53f6a03293fb327dbae47dc0cba58f8a906470d054398116

    • Qakbot/Qbot

      Qakbot (Qbot) is a modular banking trojan and malware loader that also spreads worm-like across network shares, which is why the sandbox classifies it as a worm with banking capabilities.

    • Checks computer location settings

      Reads the country code configured in the registry, most likely as a geofence check.

    • Target

      glasses/astrophysics.tmp

    • Size

      599KB

    • MD5

      8016278a2154ddd50fa719a15d93f166

    • SHA1

      af6b2dddaf6192ee547c783a58dc6ce49317a54d

    • SHA256

      22c550ddaee6ffdc3b4ab09bcc64461d444312958cd14f05178b2124de18ffa4

    • SHA512

      7bf75b38b29a685be4fbce0700e9a22f273911eb71400de028bbf3e9e2e586c992b168bb752562b19e7373f672e31d7a42fb1735fb2ef7b02951c1f18f642faf

    • SSDEEP

      12288:W+hfiNzqkalTfvvHWiYj7amQZGTcpC20ZsGOIBrupfJ:W+hnXWi+2pZG4UP6nIBrUJ

    • Score

      1/10

    • Target

      glasses/caitiff.cmd

    • Size

      230B

    • MD5

      f656106936e1f45ae054b6d4dd029219

    • SHA1

      0e2e4d706e383dec6a2ed3ae08b8caf6a4b4f061

    • SHA256

      c29ab47a71c297c0cd9297ca77f494451134c89b8056965e3a99d2a5550103ea

    • SHA512

      5b0817224afda6a35f75a4c8513676c23e7e3dbb455fc8089eeb10a717f8b701d2840da91b5656d3fa1a364784eff4ebc5907e51fec1b0047e8e7d91b165b1b0

    • Score

      1/10

    • Target

      glasses/certificated.cmd

    • Size

      297B

    • MD5

      a5d2f0ccad9c55ccc8fb24379a5c2cc8

    • SHA1

      c5acbaca2dc86b0779a64dd94fd83ec8d612b45d

    • SHA256

      51c5b2aad08d5283ef553c4773ae9b8d26eb30ce8e6b59d7c13003f57ce7ae68

    • SHA512

      01f4906bc9a1fd70333052370860828f631b1d05ad58b2815dea24363df90f2d2fbb6c285fba6f5890b5830f239291b0e32db5b99b8c839d4872a0f7fbc1cdce

    • Score

      1/10

MITRE ATT&CK Matrix

    The matrix on this page carries only its tactic column headers (Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation); no technique entries are present.

Tasks