General

  • Target

    LN12.zip

  • Size

    349KB

  • Sample

    221206-qtjaascc34

  • MD5

    75e5c2e7e3a6091cada07d9eba405b0e

  • SHA1

    492a1b86169a88041df70f0e930be1478c6dd278

  • SHA256

    2c9a1589ddb6fb301b4900816e51faf0cde4d90148e1c233d25862be62bb2dd8

  • SHA512

    3a41db9497e90c9a4f575ea32c3cf687367f94481acf68f73decac2e84fa0d410a0a1fd457342246ac5027c939f32c286d539a44bf1fcaf6bf0abffc79958f88

  • SSDEEP

    6144:Fe5ls62fggxdvbJ1jTCmZzabGAjyyejdndKcjBgiMdpUXZp5kBxEhvyhx3tkIef:Fe5yRvbD/zUZReBnUdKwNx37o

Malware Config

Extracted

Family

qakbot

Version

404.46

Botnet

BB09

Campaign

1670354428

C2

216.82.134.218:443

49.175.72.56:443

12.172.173.82:22

12.172.173.82:50001

190.24.45.24:995

103.144.201.62:2078

24.142.218.202:443

70.160.80.210:443

24.228.132.224:2222

117.186.222.30:993

173.18.126.3:443

75.99.125.235:2222

172.90.139.138:2222

136.232.184.134:995

123.3.240.16:995

76.100.159.250:443

66.191.69.18:995

181.118.183.44:443

31.167.254.199:995

183.82.100.110:2222

Attributes

  • salt

    SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

    • Target

      DS.lnk

    • Size

      1KB

    • MD5

      4091d7118195b7b04cfe0e883bb8d0b8

    • SHA1

      122d167f7f5d8ba57cb2231c1dc8954111393819

    • SHA256

      3bdef21db3c0e1843d03a5458cc0f4c09bd9a06e2bc836ffab0731da0b49104f

    • SHA512

      b36b8f1e5a7d8156dbcf79aecd2343a0dc3a28afcf58c9c1b92132d4d96963b04db0cf50a418007ef78e36062266827de234153d893a6c8cecb7b703acc92415

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      sandalwood/annotates.cmd

    • Size

      223B

    • MD5

      9bb9812540b83f5cfd7cdf25633f0426

    • SHA1

      f59674e34fb3851f84b83caf8d714c82ba6f11e1

    • SHA256

      de7185b7f45cfb591af1faf2496ae7498fc971b3fa6eb4c92bd0d0ffd1cc209e

    • SHA512

      98de0a1200d8003cc8473b0cbd83b8612f3e751aff31e743c05fc3b30b54614f4bff8282c94eee7c21bfdb5f24b4014bb19981811e49ffd0606024bac581187a

    • Score

      1/10

    • Target

      sandalwood/forthcoming.tmp

    • Size

      599KB

    • MD5

      80a27842055378bd905a43aca1907425

    • SHA1

      a2cde02adff4b083ec91707c24bd0503c5b62985

    • SHA256

      c22fee368833ff4303e6b563fe540c7759f2f4ff0102f3cb8867b30d1be5dda4

    • SHA512

      26f211fab8fdfc1606a668497e8f8d3105fcb5f3ef6755b98f0702ce6dfce355d248a65b8c4eecdfbade2db789212295fb0067ac21b6608950f8b28665c47831

    • SSDEEP

      12288:8PZPmBHmmHD/cJminEGEY7+wO/49T3/lSAH:uPmHRHr/0xH

    • Score

      3/10

    • Target

      sandalwood/mynah.cmd

    • Size

      299B

    • MD5

      da182f2f18108a219f8ef565e54868e6

    • SHA1

      5db854d6814cae549ab0389fa043a7b48f5d80dc

    • SHA256

      f861ae19db7fb3de597e5bb2fa83fc387cda06108461b805bda8025849e04fff

    • SHA512

      f18aa570d02507604a024edce17b15cb7f1e8790d7f865a54180a224ce6bcb66eeb7df9e96a1742c9b01923858c243bc750cc2f77e3b010c02364343a1da939f

    • Score

      1/10

MITRE ATT&CK Matrix ATT&CK v6

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Tasks