General

  • Target: 9629c0414d135a3377dd394278914ce6853455c47c330340041422be001e67e3

  • Size: 588KB

  • Sample: 230129-wbegaafh36

  • MD5: 17b8eba36acb8e85b66b7b2539ff905b

  • SHA1: 209e8efec5ffe4c81ec497b085141d1d42195bc6

  • SHA256: 9629c0414d135a3377dd394278914ce6853455c47c330340041422be001e67e3

  • SHA512: acb5bb5f61877924e6680cfc9ceaf0babd66cbc3f217e5b101c821c54eeefd99de1b34958bbbce4d4133935cb54d6402578adee115803bf0fc633688a08be08f

  • SSDEEP: 12288:J8bleDjHN3zBte3PCTQgJoLuzHjQcdG340zHvcCHL2Jvk:Jc4DTpHXCLw04c4gvcmL2JM

Malware Config

Extracted

Family: qakbot

Version: 323.6

Botnet: sp42

Campaign: 1558466090

C2

Targets

    • Qakbot/Qbot

      Qbot (also known as Qakbot) is a sophisticated worm with banking-trojan capabilities.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

MITRE ATT&CK Enterprise v6

Tasks