Resubmissions

05-12-2022 21:51

221205-1qkdasag75 10

05-12-2022 21:06

221205-zx2qgsah5z 10

General

  • Target

    c0beb47f629a5debe0e99790d16a4d04afe786d6fb42c5ab6dfcaed84d86e7ad

  • Size

    597KB

  • Sample

    221205-zx2qgsah5z

  • MD5

    13bd4a09264d6312d957d61d64e79f53

  • SHA1

    5ebf19ba1be83ad9e15991e76e509a57aaa9e9c0

  • SHA256

    c0beb47f629a5debe0e99790d16a4d04afe786d6fb42c5ab6dfcaed84d86e7ad

  • SHA512

    b7943be0b78a7de293b19e2b75a6b44bae34997c555e1a83a0064087d828616e601cc04cb8f13e6e44e8b9cb67fe2328b3826c8d31edf8cd5a74e9def710e582

  • SSDEEP

    12288:rZzDzxF3RR3sSRogrrYW4OH5IBwBZ3TzChsL4o1U:rZzDzvvRoCBH2WBJChsMo1U

Malware Config

Extracted

Family

qakbot

Version

403.573

Botnet

AA

Campaign

1649749884

C2

120.150.218.241:995

186.64.67.38:443

196.203.37.215:80

1.161.71.109:443

82.152.39.39:443

76.69.155.202:2222

72.66.116.235:995

103.107.113.120:443

113.11.89.165:995

208.107.221.224:443

103.88.226.30:443

75.99.168.194:443

75.113.214.234:2222

76.169.147.192:32103

190.73.3.148:2222

39.52.2.90:995

38.70.253.226:2222

5.95.58.211:2087

74.15.2.252:2222

76.70.9.169:2222

Attributes
salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

    • Target

      c0beb47f629a5debe0e99790d16a4d04afe786d6fb42c5ab6dfcaed84d86e7ad

    • Size

      597KB

    • MD5

      13bd4a09264d6312d957d61d64e79f53

    • SHA1

      5ebf19ba1be83ad9e15991e76e509a57aaa9e9c0

    • SHA256

      c0beb47f629a5debe0e99790d16a4d04afe786d6fb42c5ab6dfcaed84d86e7ad

    • SHA512

      b7943be0b78a7de293b19e2b75a6b44bae34997c555e1a83a0064087d828616e601cc04cb8f13e6e44e8b9cb67fe2328b3826c8d31edf8cd5a74e9def710e582

    • SSDEEP

      12288:rZzDzxF3RR3sSRogrrYW4OH5IBwBZ3TzChsL4o1U:rZzDzvvRoCBH2WBJChsMo1U

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix

Collection

    Command and Control

      Credential Access

        Defense Evasion

          Execution

            Exfiltration

              Impact

                Initial Access

                  Lateral Movement

                    Persistence

                      Privilege Escalation

                        Tasks