General

  • Target

    EC56.vhd

  • Size

    2.0MB

  • Sample

    221206-r1wpmsfg56

  • MD5

    1ba6752028d8b55d0610548dddd1d738

  • SHA1

    3cfb08726615448a5207e37e9287ed530bdbc1af

  • SHA256

    6ae21c50f918517d704fe382bc462b32175bb71e3c98341954b0778ab187ec83

  • SHA512

    462b4e39f776b75d5b7ca17bc4801e4f40f77f4cae50deacbdfa571007d22a7a0ef4c78fbdeee16b8f5b530cffcb2d30f5368030c200076fa2bc0d2a54167bbf

  • SSDEEP

    12288:r72tSVHIPZBmBHmmHD/cJminEGEY7+wO/49T3/lSAH:r72tSVHSBmHRHr/0xH

Malware Config

Extracted

  • Family

    qakbot

  • Version

    404.46

  • Botnet

    BB09

  • Campaign

    1670354428

  • C2

Attributes

  • salt

    SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

    • Target

      DS.lnk

    • Size

      1KB

    • MD5

      158c24960fde958a773298a18014f149

    • SHA1

      ca86d377abe8c0a0b790b2248389e13488443ceb

    • SHA256

      c5e36defbfe344686b3268200767a16e7447ae94c4a512c5c8af4362a92842e5

    • SHA512

      a9592db696be9ef6305e3d86288cc280d9e8a8b0984ab2d6bb3826c0e263f8025d52ffaab7d881a11a776ed64d2993e3570b9a77de08e9eda65a835f7a283a77

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Target

      bellicosity/duff.cmd

    • Size

      226B

    • MD5

      0892b897e57de88f8f439445cecdfe5b

    • SHA1

      147220bdf3da03ffeaa8a97ae0079efdf4eed42d

    • SHA256

      73d402ce14b57d946a13c60f0ec1f717e961348006d5e57557c40d7fba3c8ab7

    • SHA512

      bafa8b8c7f62c2d260c572e0d4f29dcca9e6ebd4e188a3c40fba03289cdcfc005545dd17d4bff0a0ad266fd1fde7f221fbbf9d5b139766ad5c1198c30354bd16

    • Score

      1/10

    • Target

      bellicosity/tzars.tmp

    • Size

      599KB

    • MD5

      b0b58b26f984d1ea73672bf8020e7f2a

    • SHA1

      c798568abd23480c4845146b31503112c87ec971

    • SHA256

      f5ec1a93a830f536d9a01206348065412094d6572ab2d02e4d35f1b12fee5868

    • SHA512

      555c293296fc2d7085f4b2a18a216e8badcb450765227e3b8231aa4a75210454c15448f5ef08a0eac6ca244d24ec3353e642877f1a5ba19b290ffd6865233bc6

    • SSDEEP

      12288:8PZBmBHmmHD/cJminEGEY7+wO/49T3/lSAH:uBmHRHr/0xH

    • Score

      3/10

    • Target

      bellicosity/wallower.cmd

    • Size

      289B

    • MD5

      4ade8c72f998844d82c5d7185d20283f

    • SHA1

      1746d2ffc470af8f8a3e6ddca03e9f9089629d71

    • SHA256

      8ef88a6c6a6d1f9d4710cee841af29b94f0abb4c0d438ff750cac637ecbb6090

    • SHA512

      5255dea1dd2dae5fa7daf55ff4df51e827f51c894f9df1d937ebef12dbee95d3e3db132e45b54421617f9e3e578c958119f52b78dbc061275039410a1a89ab9c

    • Score

      1/10

MITRE ATT&CK Matrix ATT&CK v6

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Tasks