General

  • Target

    2bf9a876be6862ee718834a1407ebc4cdcda17730e922b39065954c33980ff3a

  • Size

    777KB

  • Sample

    230129-wbcbxshc51

  • MD5

    3d37769c7e83748c00262318a395cb19

  • SHA1

    8f3022f2653b8a72a420e5cc33c12bb39bad008f

  • SHA256

    2bf9a876be6862ee718834a1407ebc4cdcda17730e922b39065954c33980ff3a

  • SHA512

    227983418aaebc2c3a871e697d50f834e1f3f442898286180dda2557bab597ec2ecd61119fa3ea5b924b7ec5a292da939c6789b4dd560d610cb6f0c3871e0154

  • SSDEEP

    12288:kD+8/2tR7CvaI8SbvTifiH/vdDRu6sgANA1zB0ghBDo/eKf/R694W34urI:kDz/YBTSvmclQAUQ1w

Malware Config

Extracted

  • Family

    qakbot

  • Version

    323.6

  • Botnet

    mg04

  • Campaign

    1561039431

Targets

    • Target

      2bf9a876be6862ee718834a1407ebc4cdcda17730e922b39065954c33980ff3a

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.
