General

  • Target

    f651d4ab514a9cc9b599b663bb2356bd752f47f6cf83abf87a1e27373f577b84

  • Size

    1012KB

  • Sample

    230129-wbfdkshc6t

  • MD5

    53656380baec56fec5ef81a63c199d68

  • SHA1

    8e8ae99b78a074a32ef5f7c19e8b8e7fdb6a7e1b

  • SHA256

    f651d4ab514a9cc9b599b663bb2356bd752f47f6cf83abf87a1e27373f577b84

  • SHA512

    235a1b3db2a9491e0b877fe5e2f9c0380a8cc81d1d499a7066d32963c5dc223cdfa4cad90ec9d71f5f9ecac396fe01a73a1fbc78c7e17bb98f08bf66ade3f7a8

  • SSDEEP

    24576:WQyMCN663wyUf0BrUS0oAK4oUeETDKVKi+oO01:hCN3efErnlfqgtOS

Malware Config

Extracted

  • Family

    qakbot

  • Version

    323.6

  • Botnet

    sp41

  • Campaign

    1558440615 (Unix epoch timestamp, 2019-05-21 UTC; Qakbot campaign IDs are timestamps)

  • C2 (20 ip:port pairs, 19 distinct addresses; 50.101.51.56 is listed on two ports)

    68.238.144.55:443
    65.116.179.83:443
    64.228.72.42:2222
    73.82.248.103:443
    50.101.51.56:3389
    68.59.209.183:995
    50.101.51.56:8443
    190.202.246.58:443
    67.141.241.27:995
    186.146.51.149:443
    50.78.93.74:443
    181.197.195.138:995
    139.60.151.72:443
    104.3.91.20:995
    174.48.72.160:443
    186.47.208.238:50000
    190.120.196.18:443
    68.174.117.63:443
    50.247.230.33:443
    69.203.218.89:995
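
As an added example (not part of the sandbox report), the Python below turns the extracted C2 list above into artifacts a SOC can actually use: validated (ip, port) pairs, a per-port breakdown, defanged IOCs, one Suricata rule per pair, and a matcher run over a few connection-log lines. The C2 entries are copied verbatim from the config; the log lines and their format, and the rule SID range, are constructed assumptions for the demo.

```python
import ipaddress
import re
from collections import defaultdict

# C2 list copied from the extracted config in the report above (botnet sp41).
QAKBOT_C2 = """
68.238.144.55:443
65.116.179.83:443
64.228.72.42:2222
73.82.248.103:443
50.101.51.56:3389
68.59.209.183:995
50.101.51.56:8443
190.202.246.58:443
67.141.241.27:995
186.146.51.149:443
50.78.93.74:443
181.197.195.138:995
139.60.151.72:443
104.3.91.20:995
174.48.72.160:443
186.47.208.238:50000
190.120.196.18:443
68.174.117.63:443
50.247.230.33:443
69.203.218.89:995
"""

_C2_RE = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})\s*$")


def parse_c2(text):
    """Return de-duplicated (ip, port) tuples; malformed entries are skipped
    rather than silently turned into broken rules."""
    seen, out = set(), []
    for line in text.splitlines():
        m = _C2_RE.match(line)
        if not m:
            continue
        ip, port = m.group(1), int(m.group(2))
        try:
            ipaddress.IPv4Address(ip)
        except ipaddress.AddressValueError:
            continue
        if 0 < port <= 65535 and (ip, port) not in seen:
            seen.add((ip, port))
            out.append((ip, port))
    return out


def group_by_port(entries):
    """Map port -> IPs sorted numerically, to see the port mix the bot uses."""
    groups = defaultdict(list)
    for ip, port in entries:
        groups[port].append(ip)
    return {p: sorted(ips, key=ipaddress.IPv4Address) for p, ips in sorted(groups.items())}


def defang(ip):
    """Defang an address for pasting into tickets or reports."""
    return ip.replace(".", "[.]")


def suricata_rules(entries, botnet="sp41", sid_base=9000001):
    """One Suricata rule per ip:port pair. Matching on port as well as IP matters:
    Qakbot C2 are mostly compromised residential hosts whose addresses get
    recycled, so a bare-IP rule ages into false positives. sid_base is an
    assumption; choose a range that does not collide with your local rules."""
    return [
        f'alert tcp $HOME_NET any -> {ip} {port} '
        f'(msg:"MALWARE Qakbot {botnet} C2 {ip}:{port}"; flow:to_server,established; '
        f'classtype:trojan-activity; sid:{sid_base + i}; rev:1;)'
        for i, (ip, port) in enumerate(entries)
    ]


# Constructed connection-log lines for the demo (not from the report).
SAMPLE_LOG = [
    "2023-01-29T09:12:01Z src=10.10.4.23 dst=65.116.179.83 dport=443 proto=tcp",
    "2023-01-29T09:12:05Z src=10.10.4.23 dst=50.101.51.56 dport=80 proto=tcp",
    "2023-01-29T09:13:40Z src=10.10.4.23 dst=8.8.8.8 dport=53 proto=udp",
    "2023-01-29T09:14:02Z src=10.10.4.23 dst=186.47.208.238 dport=50000 proto=tcp",
]
_LOG_RE = re.compile(r"dst=(\S+)\s+dport=(\d+)")


def match_connections(entries, log_lines):
    """Return log lines whose destination ip:port is in the C2 set."""
    c2 = set(entries)
    return [l for l in log_lines
            if (m := _LOG_RE.search(l)) and (m.group(1), int(m.group(2))) in c2]


if __name__ == "__main__":
    entries = parse_c2(QAKBOT_C2)
    for port, ips in group_by_port(entries).items():
        print(port, [defang(ip) for ip in ips])
    print("\n".join(suricata_rules(entries)))
    print(match_connections(entries, SAMPLE_LOG))
```

Note that 50.101.51.56 appears twice in the config (ports 3389 and 8443), which is why the matcher keys on the ip:port pair rather than the address alone; the constructed log line to that host on port 80 is deliberately not flagged.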

Targets

    • Qakbot/Qbot

      Qakbot (also Qbot) is a banking trojan and loader with worm-like lateral-spread capabilities. The extracted config ties this sample to botnet sp41, with 20 C2 endpoints mostly on ports 443 and 995.

    • Checks computer location settings

      Reads the country code configured in the registry, most likely a geofence check that aborts execution on hosts in regions the operators exclude.

MITRE ATT&CK Enterprise v6

Tasks