General

  • Target

    5b67702e6589f0e6765f7b0c240756386a1af9979ac3f15596fb2eebb06aa6a6

  • Size

    779KB

  • Sample

    230129-wbc88afh35

  • MD5

    95a32c16293179a064855cbfd92094fb

  • SHA1

    a91bfd968afa7d5ebf05a527dc49aed058289807

  • SHA256

    5b67702e6589f0e6765f7b0c240756386a1af9979ac3f15596fb2eebb06aa6a6

  • SHA512

    4c97df6773045823da0ac40cfff3f5095c47fdeb2a3d20ea24c11456fbf0d5a0030f11832b66476157b5f7e2815a766d41b2d11411f94a1640d52e994908b127

  • SSDEEP

    12288:/jgcJlROl0jl5VnnR7wDfYT8yF5v4znqImCOtjrponmp0YUVusV4VA+I94W34ur:/UslSCvn4fYld4jmltWqST1

Malware Config

Extracted

Family

qakbot

Version

323.6

Botnet

mg03

Campaign

1560936755

C2


Targets

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

MITRE ATT&CK Enterprise v6

Tasks