Resubmissions

22/02/2023, 21:48

230222-1nxkvadg33 10

22/02/2023, 19:41

230222-yd5scsdc27 10

General

  • Target

    0YDUP.zip

  • Size

    1.6MB

  • Sample

    230222-1nxkvadg33

  • MD5

    c28c3fa5c527dbfdaba97413a340537a

  • SHA1

    55d6473999d6c56fa244f828c35a1cd624e58830

  • SHA256

    9e275afd96967eb2eecaf4c8f2d6c7889760700f49deb30e47b3e75b700ab1d5

  • SHA512

    284f5bccfc9d04fdafeafff512867d49c0908f75e9b2b34be77e4a63e5b7ec038dc1f24f51ad1585d6f0cce27e90d45c9a967e2994a211d91974f8ccc08c3dbb

  • SSDEEP

    24576:YuFLtnzHlEsonp06lPj65vuict6kRfps2tr9yDWWlwgIPqSnRK+Sok7H0fiNtIu:YKLxysonaijguBsCs2t0DW2It9u

Malware Config

Extracted

Family

qakbot

Version

404.9

Botnet

BB16

Campaign

1677046917

C2

Attributes

  • salt

    SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

    • Target

      RR.lnk

    • Size

      1KB

    • MD5

      116043c27c54721a59fa3e47186ec052

    • SHA1

      4d9dcb94a693af74efd935f1b0867fbe8009e39e

    • SHA256

      af2bf4c628f6b1cf815e9d5b898ec10334da7fc709436903d8f9a6dd68fcf392

    • SHA512

      231ba488f405044aed8231a4e2d0303be49b46b0486c63ee6ddb72a8b0a895b89b486cc26b06524d84590ee19241352d95a040057c2a51d418985aeab372f7c7

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Loads dropped DLL

    • Target

      vibrations/curtness.cmd

    • Size

      258B

    • MD5

      51da8c5b5c10e7aee244c7dcb832942f

    • SHA1

      75f00bdeeea03c74b0bdc49d57c841ed3a20f1b8

    • SHA256

      3bf77543540e4d4e6756932f83c0230ce5b7cfd80bc40b0a58bddc714a9fa3fc

    • SHA512

      c9f7d008d8b2ea3b1a526900d8b0d4c8886df995da55051422e0d2c0b61c4c7d964f9ec49d90e0b71921c2921fd0e30c4748d232a3cbcd39f27c2303290a9755

    Score
    1/10
    • Target

      vibrations/thriftlessness.sql

    • Size

      1.6MB

    • MD5

      b24f6d86e43c7d3aded6e5d4ec8ec04d

    • SHA1

      afbcfc6309f76e3b30cf4c0b4eb7e1813d0e2d7a

    • SHA256

      17e8215ba5fc5bcf8c1ed616bcc17e8a9b5bf18e8730cf73dab4a0b8fb00ff73

    • SHA512

      09b62f595303287583e514e612b962c1612c794d4670f26af2e92de62d62c861d988ce0baaa0d004c925642f94b28b8edaf37c4ea82ff84beab1dda6fc4ca50f

    • SSDEEP

      12288:hgD7oi4JVR7GiHZJUMY4qSl9rBQpVvFBuLBmIiPy0Kko1KTVFufFKHcqgEQX0eka:c7o9PrBeVXoY76Nj39J

    Score
    3/10
    • Target

      vibrations/unmeticulous.exe

    • Size

      1.6MB

    • MD5

      018796d4670ac12865be2f00382bbc8e

    • SHA1

      8564027153dca487eca613345ab3b2de0add4f26

    • SHA256

      22d1471ed17c681aa5580c59712005e1c70ef9c306cbcad245a64f7dfae47847

    • SHA512

      4edac00e0d19b439c300328bf4f7abc98cadfce0d7f4283f1c6278bec24d0ed7c2e51090a2e584a7a2a2e645e396a890d9589fe3f660fa73fc238a09d827bc7b

    • SSDEEP

      24576:qN2PGK9rDuNMZD22lHNFVntTX25fHSMv0UskeuzQU2z6IdcL6UCUK:qN2P39PuNYvlHTX2EMuZuzJ2z6nzK

    Score
    1/10
