General

  • Target

    e2e6c47615594e423ef50d3c517d6556e9b9ab74cf06d44c236dabfc0d15c00a

  • Size

    585KB

  • Sample

    230129-wbdvrahc6s

  • MD5

    5dba2a69765ba6617749f475c061db15

  • SHA1

    295d14a356caced6fd3d0dee421bf3be5f5a7f64

  • SHA256

    e2e6c47615594e423ef50d3c517d6556e9b9ab74cf06d44c236dabfc0d15c00a

  • SHA512

    0dfb7f97a0537fc82fd174346b878147ef7203e25083e803843843445e5a1c635525a007d3fb545db5df4b72b822748789e350903d36112918dc987042055588

  • SSDEEP

    12288:1sZIRgV4IT2Rm81rVBlNevgw6OoepN7mJm3vI2etAj:1RgV5T2F1rVgvgw84BmJivD/

Malware Config

Extracted

Family

qakbot

Version

323.6

Botnet

sp41

Campaign

1558466304

C2

68.59.209.183:995

50.101.51.56:8443

74.139.37.244:443

68.238.144.55:443

65.116.179.83:443

64.228.72.42:2222

173.202.3.154:50001

209.182.122.217:443

67.68.229.196:995

73.82.248.103:443

50.101.51.56:3389

70.105.162.74:443

65.184.83.199:2222

166.62.180.194:2222

75.190.118.68:990

47.146.173.204:443

64.20.68.35:2083

67.141.241.27:995

50.78.93.74:443

181.197.195.138:995
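The extracted config above is only useful once it is turned into indicators a network team can deploy. The following script is an added example, not output of the sandbox or part of the original report: it re-types the config values from this page, validates each C2 entry, deduplicates hosts that appear on more than one port (50.101.51.56 is listed on both 8443 and 3389), emits a CSV indicator table and Suricata rules, and decodes the campaign ID as a Unix timestamp. The Suricata rule text, SID range, and the reading of the campaign ID as epoch seconds are the editor's assumptions.

```python
"""Convert a Qakbot sandbox config into deployable indicators (added example)."""
import csv
import io
import ipaddress
from datetime import datetime, timezone

# Values transcribed from the "Malware Config" section of the report.
CONFIG = {
    "family": "qakbot",
    "version": "323.6",
    "botnet": "sp41",
    "campaign": "1558466304",
}

# C2 list copied from the report, one host:port per line.
C2_LINES = """\
68.59.209.183:995
50.101.51.56:8443
74.139.37.244:443
68.238.144.55:443
65.116.179.83:443
64.228.72.42:2222
173.202.3.154:50001
209.182.122.217:443
67.68.229.196:995
73.82.248.103:443
50.101.51.56:3389
70.105.162.74:443
65.184.83.199:2222
166.62.180.194:2222
75.190.118.68:990
47.146.173.204:443
64.20.68.35:2083
67.141.241.27:995
50.78.93.74:443
181.197.195.138:995
"""


def parse_c2(text):
    """Parse 'ip:port' lines into (ip, port) tuples.

    Malformed lines raise rather than silently producing a bad blocklist;
    non-global addresses (RFC1918, loopback, ...) are skipped because a
    rule for them would only generate noise on the defender's own network.
    """
    entries = []
    for raw in text.splitlines():
        raw = raw.strip()
        if not raw:
            continue
        host, sep, port_s = raw.rpartition(":")
        if not sep:
            raise ValueError(f"missing port in C2 entry: {raw!r}")
        ip = ipaddress.ip_address(host)        # raises ValueError on garbage
        port = int(port_s)
        if not 0 < port < 65536:
            raise ValueError(f"port out of range in C2 entry: {raw!r}")
        if not ip.is_global:
            continue
        entries.append((str(ip), port))
    return entries


def unique_ips(entries):
    """Distinct C2 hosts, sorted numerically, for a bare IP blocklist."""
    return sorted({ip for ip, _ in entries}, key=ipaddress.ip_address)


def campaign_start(campaign_id):
    """Decode the campaign ID as Unix epoch seconds (UTC).

    Assumption of this example: Qakbot campaign IDs are commonly read by
    analysts as the campaign start time; the report itself does not say so.
    """
    return datetime.fromtimestamp(int(campaign_id), tz=timezone.utc)


def suricata_rules(entries, sid_base=9000001):
    """One egress alert rule per host:port pair (hypothetical SID range)."""
    rules = []
    for i, (ip, port) in enumerate(entries):
        rules.append(
            f'alert tcp $HOME_NET any -> {ip} {port} '
            f'(msg:"Qakbot {CONFIG["botnet"]} C2 {ip}:{port}"; '
            f'flow:to_server; classtype:trojan-activity; '
            f'sid:{sid_base + i}; rev:1;)'
        )
    return rules


def indicator_csv(entries):
    """CSV with one row per C2 endpoint, carrying the config context."""
    buf = io.StringIO()
    w = csv.writer(buf)
    w.writerow(["ip", "port", "family", "version", "botnet", "campaign_start_utc"])
    start = campaign_start(CONFIG["campaign"]).isoformat()
    for ip, port in entries:
        w.writerow([ip, port, CONFIG["family"], CONFIG["version"],
                    CONFIG["botnet"], start])
    return buf.getvalue()


if __name__ == "__main__":
    c2 = parse_c2(C2_LINES)
    print(f"{len(c2)} endpoints, {len(unique_ips(c2))} distinct hosts")
    print("campaign start:", campaign_start(CONFIG["campaign"]).isoformat())
    print(indicator_csv(c2))
    print("\n".join(suricata_rules(c2)))
```

Note that two of the listed ports (3389 and 50001) are not typical TLS ports; a port-based allowlist on the egress firewall would not have caught them, which is why the rules key on the destination address as well.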

Targets

    • Target

      e2e6c47615594e423ef50d3c517d6556e9b9ab74cf06d44c236dabfc0d15c00a

    • Size

      585KB

    • MD5

      5dba2a69765ba6617749f475c061db15

    • SHA1

      295d14a356caced6fd3d0dee421bf3be5f5a7f64

    • SHA256

      e2e6c47615594e423ef50d3c517d6556e9b9ab74cf06d44c236dabfc0d15c00a

    • SHA512

      0dfb7f97a0537fc82fd174346b878147ef7203e25083e803843843445e5a1c635525a007d3fb545db5df4b72b822748789e350903d36112918dc987042055588

    • SSDEEP

      12288:1sZIRgV4IT2Rm81rVBlNevgw6OoepN7mJm3vI2etAj:1RgV5T2F1rVgvgw84BmJivD/

    • Qakbot/Qbot

      Qbot (Qakbot) is a banking trojan and loader with worm-like lateral-spreading capabilities.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

MITRE ATT&CK Enterprise v6

Tasks