General

  • Target

    CH71.vhd

  • Size

    2.0MB

  • Sample

    221206-lkv6aaec96

  • MD5

    ddbd6f18954c28fbed33ce8383d4d12f

  • SHA1

    6bd098000006d5e08fd223758ec151cea0e4b5c7

  • SHA256

    cb72d7878e090cfebd4bf335f4b148471b5a3e359e1eafdc23bef9288b56619e

  • SHA512

    fdd37da5020af3691414ab268a8cc1bac22db69b5ea81423a2f8b2ad57bee81809456a0179aa6d566123841ced7c39e7a3a15e4e87390a8bc4efe2088e8aa5e2

  • SSDEEP

    12288:ntwO0pOiOxwThCqMRHPptvo8zY+jAe95NtXqWo8g5tj+5niH/E:ngEwl3MpzMeFtaWg5tjgif

Malware Config

Extracted

Family

qakbot

Version

404.46

Botnet

BB09

Campaign

1670238005

C2

76.100.159.250:443

66.191.69.18:995

186.64.67.9:443

50.90.249.161:443

109.150.179.158:2222

92.149.205.238:2222

86.165.15.180:2222

41.44.19.36:995

78.17.157.5:443

173.18.126.3:443

75.99.125.235:2222

172.90.139.138:2222

27.99.45.237:2222

91.68.227.219:443

12.172.173.82:993

103.144.201.62:2078

12.172.173.82:990

173.239.94.212:443

91.169.12.198:32100

24.64.114.59:2222

Attributes
  • salt

    SoNuce]ugdiB3c[doMuce2s81*uXmcvP
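
The extracted configuration above is only useful once it is turned into something a SOC can match against traffic. The following is an added example, not part of the sandbox report or the Qakbot code base: it loads the C2 list and campaign value exactly as listed here, validates each `ip:port` pair, converts the campaign ID (which Qakbot stores as a Unix timestamp) to a UTC date, and sweeps a few constructed firewall log lines for connections to an extracted C2. The log format (`dst=… dport=…`) and the sample lines are assumptions made for the demonstration.

```python
"""Turn a Qakbot extracted config into IOCs and sweep logs for them (added example)."""
from datetime import datetime, timezone
import ipaddress
import re

# Values copied from the extracted configuration on this report page.
CONFIG = {
    "family": "qakbot",
    "version": "404.46",
    "botnet": "BB09",
    "campaign": "1670238005",
    "c2": [
        "76.100.159.250:443", "66.191.69.18:995", "186.64.67.9:443",
        "50.90.249.161:443", "109.150.179.158:2222", "92.149.205.238:2222",
        "86.165.15.180:2222", "41.44.19.36:995", "78.17.157.5:443",
        "173.18.126.3:443", "75.99.125.235:2222", "172.90.139.138:2222",
        "27.99.45.237:2222", "91.68.227.219:443", "12.172.173.82:993",
        "103.144.201.62:2078", "12.172.173.82:990", "173.239.94.212:443",
        "91.169.12.198:32100", "24.64.114.59:2222",
    ],
}


def parse_c2(entries):
    """Turn 'ip:port' strings into (ip, port) tuples, rejecting malformed ones."""
    out = []
    for entry in entries:
        host, _, port = entry.rpartition(":")
        ip = ipaddress.ip_address(host)  # raises ValueError on garbage
        port = int(port)
        if not 0 < port < 65536:
            raise ValueError(f"bad port in {entry!r}")
        out.append((str(ip), port))
    return out


def campaign_time(campaign_id):
    """Qakbot campaign IDs are Unix timestamps; return them as an aware UTC datetime."""
    return datetime.fromtimestamp(int(campaign_id), tz=timezone.utc)


def c2_ports(c2_list):
    """Distinct destination ports used by the C2 set (useful for egress rules)."""
    return sorted({port for _, port in c2_list})


# Assumed log layout: key=value pairs with dst= and dport= fields.
LOG_RE = re.compile(r"dst=(?P<ip>[\d.]+)\s+dport=(?P<port>\d+)")


def sweep_logs(lines, c2_list, ip_only=False):
    """Return log lines that reach an extracted C2.

    By default the (ip, port) pair must match exactly.  ip_only=True matches on
    address alone, which is noisier: the same host can serve both C2 and
    unrelated services, as 12.172.173.82 (listed on :993 and :990) shows.
    """
    exact = set(c2_list)
    addrs = {ip for ip, _ in c2_list}
    hits = []
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        key = (m["ip"], int(m["port"]))
        if key in exact or (ip_only and key[0] in addrs):
            hits.append(line)
    return hits


# Constructed firewall log lines for the dry run (not taken from the report).
SAMPLE_LOGS = [
    "2022-12-06T09:14:02Z fw01 src=10.0.5.23 dst=76.100.159.250 dport=443 action=allow",
    "2022-12-06T09:14:05Z fw01 src=10.0.5.23 dst=142.250.74.78 dport=443 action=allow",
    "2022-12-06T09:15:11Z fw01 src=10.0.5.23 dst=12.172.173.82 dport=993 action=allow",
    "2022-12-06T09:15:40Z fw01 src=10.0.5.23 dst=12.172.173.82 dport=443 action=allow",
    "2022-12-06T09:16:03Z fw01 src=10.0.7.40 dst=91.169.12.198 dport=32100 action=deny",
]

if __name__ == "__main__":
    c2s = parse_c2(CONFIG["c2"])
    print("campaign built:", campaign_time(CONFIG["campaign"]).isoformat())
    print("C2 ports:", c2_ports(c2s))
    for hit in sweep_logs(SAMPLE_LOGS, c2s):
        print("HIT", hit)
```

The exact-pair match flags three of the five constructed lines; the fourth line (same address as a listed C2 but port 443) is only flagged with `ip_only=True`, which is the trade-off to decide on before pushing the list into a blocklist. The campaign value resolves to 2022-12-05 11:00:05 UTC, one day before the sample ID date (221206), which is the usual pattern for a fresh Qakbot build.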

Targets

    • Target

      DS.lnk

    • Size

      1KB

    • MD5

      beda4385ec4ea949ded858f603cc8fb7

    • SHA1

      117ddeab4084c8ff32e01de303fe7de5a47bb07c

    • SHA256

      14f3ade0e18df4d02de45f9238e04edbd3560f8aecd78b62bb3a7606546fc1ef

    • SHA512

      bf4978593df4f1e45a15915c181ae771bfcf784d69443cd40106789ef7725d016a253e95bfbd9c0290a2e0b66c88dd6f8d5f148ec20203bb8803ea0270ad22a1

    • Qakbot/Qbot

      Qbot or Qakbot is a modular banking trojan with worm-like spreading capabilities.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Target

      zees/far.tmp

    • Size

      1.1MB

    • MD5

      725abeeab7558add5f3c8a054510b579

    • SHA1

      1e66ebc50adcd44ebe1571e1e4191810341795c5

    • SHA256

      b799784456c499aaeb5942ba4deea360af24e8bc8c503ca8a8682fe6e7d70540

    • SHA512

      e09370131985a947fe0ea7eb7545f2606b9a44b2176f89f8d212fd184371259fc2a43762e6528bbff4558ab10f87709098e638ff12d668fcec60fed76cd6c68f

    • SSDEEP

      12288:chCqMRHPptvo8zY+jAe95NtXqWo8g5tj+5niH/Ez:i3MpzMeFtaWg5tjgifM

    Score
    1/10
    • Target

      zees/fine.cmd

    • Size

      297B

    • MD5

      1ccf61d45aa4bbab1ed58c19453f60c5

    • SHA1

      d8ef77871bc6e858e6245944c4dd309e8e338104

    • SHA256

      15c4d6c0641726d84b828dc4a39eebfa5ca4b3373af91bab08e6916ded691b90

    • SHA512

      628ed22aa2b24e799ed9e44d5c762e48bac45f04ff3d9eb47e97ec71e4fbf4258eb377730a6ea70804bd31f3d5996cb38aa17f934c83016819b40e055fe019db

    Score
    1/10
    • Target

      zees/roasts.cmd

    • Size

      216B

    • MD5

      082572e38c4aaf3ad6fd8b32dbd4f1ed

    • SHA1

      687c4ec040400a385d2057683ebf8ed3f14077e8

    • SHA256

      75df42e1cd99b80e89a65b86db0ba7563de72b9641cc0308bab87aa6fe83ab4c

    • SHA512

      bc5c0f43fe4a55acdd2037c2385ad66f4a03088cdc126362339dfcb9a962784eecee90a4f0ed19a0c050ecef45fc040308006f9a7c04248e47f635af83e4e12b

    Score
    1/10

MITRE ATT&CK Matrix ATT&CK v6

Discovery

  • Query Registry

    T1012 (1)

  • System Information Discovery

    T1082 (2)

Tasks