General

  • Target

    Calculation5639.iso

  • Size

    938KB

  • Sample

    230127-hfr2aagf29

  • MD5

    abc142e3c2853f06d4440823dfb6c325

  • SHA1

    94852edd615d09955f7ffbb7e17e155b58131125

  • SHA256

    97008eb4feb0f451695af9c1919780f69302d6dc01d51dbf557823a067322fdb

  • SHA512

    f03db66485eac0eedafa9e57baf67a32676d492734ada0232451dea1212d865309b4e7da3522566100753a320ce9bd0641c4a6b79822b1bbb239746ba12017f2

  • SSDEEP

    12288:rZBs6eUwpkdFC7dStewcZWOcRzrXugaJJkPcpFJO87YwoOEwXKPawgqwpwjOFwYr:N+UwWFew2DrkW7YwqwaywNwpw4w

Malware Config

Extracted

  • Family

    qakbot

  • Version

    403.973

  • Botnet

    obama214

  • Campaign

    1666019778

  • C2

    105.96.221.136:443
    37.37.80.2:3389
    105.154.56.232:995
    41.107.116.19:443
    105.103.52.189:443
    159.192.204.135:443
    41.107.58.251:443
    177.152.65.142:443
    102.47.218.41:443
    176.45.35.243:443
    70.173.248.13:443
    102.159.77.134:995
    220.123.29.76:443
    82.12.196.197:443
    103.156.237.71:443
    149.126.159.254:443
    176.44.119.153:443
    181.56.171.3:995
    190.205.229.67:2222
    151.251.50.117:443

Attributes
  • salt

    SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Extracted

  • Family

    qakbot

Attributes
  • salt

    b�_HP&Mg�@��)U��(|�gR�b7��$L�����9,w:�X'�����]I�N} ��y�t���q� i���� Ƈ�֯�8��Z\\Ƀ�?.�ud�ڣ:� �|t\�v}�� �)�� q�L��霜k�4�6���iRr~�6 eU�����?f�p,|�͵cQ��`��"”p�Dz� >�o���tT�IL�z��{O퇋�V;P�oނ�G

Targets

    • Target

      Calculation.lnk

    • Size

      1KB

    • MD5

      e976106196b4336440219b0275608ff7

    • SHA1

      0315c08538ee1893d43927e0540abd14e0af96dc

    • SHA256

      b4b3afed0916e0c32718ac2a76bff0c4680fd7b6d7334f225677a8da7334b90d

    • SHA512

      80b0fc4237e095446c27321cc9f63b16d6308301d65239f5c1b16148526818bbab363b7c2d7b4482c339ab06b66e4bb854d0af1f2b51b75006e2a9e4c99402df

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Loads dropped DLL

    • Target

      vertices/pantries.asc

    • Size

      584KB

    • MD5

      4ccba1aae3e03bd8598b781ee11306dd

    • SHA1

      8dc3fe2aed0f3a251b9efe6fa5522fee2b4605cd

    • SHA256

      6aff6f1dabb7e1211a1c1726fb2ba8c0d67f580c4c4008a2082154246665f031

    • SHA512

      43df8738a6220601beaabb8a19aa73d26745b444d6e0abf46f65719a3f185bdceb05141571084467fbd0c7fb1207b319761e358219386e01b4a7b995607144b9

    • SSDEEP

      12288:HZBs6eUwpkdFC7dStewcZWOcRzrXugaJJkPcpF:5+UwWFew2Drk

    • Target

      vertices/wormwood.cmd

    • Size

      290B

    • MD5

      ee164287bd040ca54021a1374b0b261c

    • SHA1

      bd78bb2518b281906d2511ff0b3c30480677ee9a

    • SHA256

      76b2f6d44ae7e32c24e4bde1822b6eac07e8a1ae5b7d9a2d109853875bb37030

    • SHA512

      2b1e645e28d66597efde512e3f67a13b2eebf39cd612f33015655a9593e7fbe16af2ba5c7b9b0fe4dc64c68ac36b98f6975cdfe1967e962e5b3252fec499bf85

    Score
    1/10

MITRE ATT&CK Enterprise v6

Tasks