Resubmissions

27/12/2022, 14:30

221227-rva6raab9t 10

27/12/2022, 05:12

221227-fwa2lahe3w 10

General

  • Target

    Cancellation#W94.iso

  • Size

    102.7MB

  • Sample

    221227-rva6raab9t

  • MD5

    2bc421b028b1463a5eca13eab798c996

  • SHA1

    85c3d0400d4b2167b0d5c8f58371db90c795f604

  • SHA256

    2e1cd7881d0fc154569126eb6a50de0ae98d45dc0a68f443a71b8511ee783dae

  • SHA512

    7ad8de827e54b8dd24fc593bf37cdbc67a655c7a465d9354e6b95eb6276c4a84b0c7720c27e06365e41f3286c4a5eeccd83a7321c3a1fa175d9f5f923937a844

  • SSDEEP

    24576:E9UiBqyTIUgN/nNE2cPHHHHYwgBHp8wOHeHwwHyCcPg:E9Ui3PHHHHYwgBHp8wOHeHwwHZcPg

Malware Config

Extracted

Family

qakbot

Version

404.62

Botnet

obama233

Campaign

1671781480

C2


Attributes

  • salt

    SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

    • Target

      Cancellation#W94.iso

    • Size

      102.7MB

    • MD5

      2bc421b028b1463a5eca13eab798c996

    • SHA1

      85c3d0400d4b2167b0d5c8f58371db90c795f604

    • SHA256

      2e1cd7881d0fc154569126eb6a50de0ae98d45dc0a68f443a71b8511ee783dae

    • SHA512

      7ad8de827e54b8dd24fc593bf37cdbc67a655c7a465d9354e6b95eb6276c4a84b0c7720c27e06365e41f3286c4a5eeccd83a7321c3a1fa175d9f5f923937a844

    • SSDEEP

      24576:E9UiBqyTIUgN/nNE2cPHHHHYwgBHp8wOHeHwwHyCcPg:E9Ui3PHHHHYwgBHp8wOHeHwwHZcPg

    • Score

      3/10

    • Target

      Cancellation-W94.wsf

    • Size

      487B

    • MD5

      1eb424ed65c282df367169d2c95f5e64

    • SHA1

      ec82152577fd11be15c5a658077fe169d329d883

    • SHA256

      86a065377605b5cd585054a42468517cb4e4b89c5d60a4beb732bb7b903dd158

    • SHA512

      240c7c409cdb4b33e0a7c86bc92a66a443c1ff0c2d787935b6c8ee2af72dff76dbd94aa2696324f8230fac9a5fe8883974cbc495b95da2c4e28974cda1476cad

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Target

      escapists/data.txt

    • Size

      1KB

    • MD5

      c50bc0e676d4a797fa15e7cef6e18ae5

    • SHA1

      7684609531a4f5683bda0b629f565d06b1e20f66

    • SHA256

      5216c0f4ba65ab5c5865ff3703192bf1ce0350a99cb8d8a552a97ba157377b45

    • SHA512

      ff60b4dd7d18ebbd43f5118378161ffd6b4b19ae3656d305ad0991b40a26e2767318b3c95fb13f5b098c36dd07a3b8bd9919bd4d2d95febc1b88348d5eb46619

    • Score

      1/10

    • Target

      escapists/header

    • Size

      100.0MB

    • MD5

      5937fb14ca678edd47fca8acbf0f12d0

    • SHA1

      c1ff9be307e47212d858e3bd534a32e94eba0d75

    • SHA256

      cd1f2a4b7893d1c70893ed2ba347e140d34bdcd2794097424083d9367fa5caa6

    • SHA512

      b552f74ee4dc974b9f42feeb7a97a70c7c3bb94817478c571195d6d91156ea7d4d90a426df0fef975c91a549b19763c3a7a87c0a564a11cabc95630ebaf9ff09

    • SSDEEP

      3:Wttkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkw:Yu

    • Score

      1/10

    • Target

      escapists/invaluably.txt

    • Size

      78KB

    • MD5

      d306ed84c61a2c1165238273ce718b4e

    • SHA1

      84ee6d80487bf493f9fd3a5b972020ac07684e75

    • SHA256

      e85d120eb1f356331305e657cddbdff25d2dca7e89d5a3c15bcff8a6674ba1e8

    • SHA512

      0532845588a67193a6187e27b67dd7cb7d4a454534a504176096a5adf8fe3a28243f701b57808bb38a8dd1c5e43e9e62283752edeb15cd3f9f7a10cd0effd275

    • SSDEEP

      768:sxviRxI+LbxIcMyrD3nlbUzAhnEQkLr+nxINKoxIhKxvi9oxIbohKxFqhKniifj3:sxvqTMaO8nEQk9KOxvmZfxF5n1BlpV

    • Score

      1/10

    • Target

      escapists/psychophysic.txt

    • Size

      2.1MB

    • MD5

      77276574fb4672b3e42ea766478779fc

    • SHA1

      e8ba77d2a4914710b5f8a7ad5abe830c916d2134

    • SHA256

      7f5a479345e7ed0efb1f137689f0b6668f0a32886a35984566fc875c5f8d32a7

    • SHA512

      3fcf9fa2647ec29289b27cb2d889ddb39556f7cc19c5b3962366188fb4b7fb7166404ac07bfe99c31be671f847c8e3f8dbb14f41c92cf4784dd5aaded833ed55

    • SSDEEP

      12288:fTqyEYU/UgNPzJ2bTXPPj8I8aigEXTJcn8NT8:7qyTIUgN/nNE28

    • Score

      1/10

    • Target

      escapists/shacked.txt

    • Size

      212KB

    • MD5

      2e5fd5448d4acaa5ce095605fdb05b27

    • SHA1

      b2c538fec0da920bb44d9e87760d76eb12860e83

    • SHA256

      20a0840783660eb867c10613528ef2fc8b78645c50b19cbe275a8e58f7137aa7

    • SHA512

      ee1262dc6226c4edf7dfee5c1628bef48b925422edb2a8c443bfd3d2e0faeb6a067e40b338c0fb5c58ea9fac785c5292bd201b2856718f744ebf4d1ec5968293

    • SSDEEP

      6144:9TBFPO4HHHHRTqwpCOuBHpDdTSNwsc2W8HeHc3wPOsjoTKM:PZO4HHHHYwIOuBHp8wOHeHwwPOsq

    • Score

      1/10

    • Target

      escapists/treason.png

    • Size

      24KB

    • MD5

      dfb824248cc166b7b57209a7ea25b27e

    • SHA1

      a2464b4f8df7396ed4d02b15ee0e934a7e542f81

    • SHA256

      9c3a9f924a70e79c9a8328b7b661540a819f0002bdaad19f18f3c4896a2ca613

    • SHA512

      a795a227a2e04d8066e3359c7eb8860e00067a2c309c3b87f2ccbf9a4b39b8454b80a864bef609e4cb8f44f2ded40f5c53919d32d082b2a78ae7bc693074d090

    • SSDEEP

      384:XXhhKsfKI4TgkJN04AwU6dGQHRPV9X/AzetdiuhY675nalCGOS:XXusfKua9Aw3dGwh4e3bnuUS

    • Score

      3/10

    • Target

      escapists/unapproved.gif

    • Size

      14KB

    • MD5

      090aed4f6643abc24889f6fa079be9ce

    • SHA1

      601d5e504982e991e567b7861e33bbab87ea016c

    • SHA256

      24a8ec9fccea3ceefa9202e78b42c81be7c358f69a07c5fe9e7718e8a6a8b515

    • SHA512

      5d824d90b7708b0d4c4cd6546fe755d27c10f836fa117d19584443389a1367ea64a2e932acc67ce9d97e0cf194cd8c50e798e95bcd8d4d43781f900e619cf3f3

    • SSDEEP

      384:lXrga0FiadvgvlA6z+lEFZgwjTIkEfIbjI:NgZcaRaAjlE/v5E+k

    • Score

      1/10

    • Target

      escapists/whimsies.txt

    • Size

      160KB

    • MD5

      7ade1f8eda3e35e527f75b673286b8e9

    • SHA1

      1b6f9f08c8b18d7abbb4f23efc289d1981930486

    • SHA256

      b9e2648c2a25667f3f241b8b89c250afcda4fba402207e8ead76f5efa71386df

    • SHA512

      f202d705fa99ce9489aa3313ae77cd961d2c712c299b20d4011ba8aa822991b444b3335dbc3bc15ecad0cba7a98d6d8f06dcb654f457147ecb351904be3ad0a6

    • SSDEEP

      1536:0uM+lc8nHU8ZfxF6fnrPPxTvGtZtQ8kU8Z6xvFZZ8ymb87S9fxvzxFTx0MjkFd:VMyJurPPsxJ2FOMjkv

    • Score

      1/10

MITRE ATT&CK Enterprise v6

Tasks