General

  • Target

    1YIRH.zip

  • Size

    1.6MB

  • Sample

    230222-v5gytsee9t

  • MD5

    1fb90b12a538f97725e0023480569c3b

  • SHA1

    46e572c6ed3b19eef6443ee3fde1389a82f0611a

  • SHA256

    d48874475e0df4425298b6657e50c5bc73a19414c70d1ccf8defd2acf82e3fab

  • SHA512

    db1a4b7a09bd3afec9d9db3a2edf030e8dabda6b375b71974375cc6edb1eff5cf950f8040faf1cb3b343ccdc13cc12eed0a4faeb317424fcdc5634e617a9337e

  • SSDEEP

    24576:cJ1QlAt1lg2nnBtWThpnHwK1idC8e8X0GXB2IQxbS/5v1y6kg+v6Nkcv:cMl8lF2nx1v8HXhUzbK5w6Nnv

Malware Config

Extracted

Family

qakbot

Version

404.9

Botnet

BB16

Campaign

1677046917

C2

47.21.51.138:443

72.80.7.6:50003

82.127.204.82:2222

49.175.72.56:443

201.244.108.183:995

122.184.143.82:443

102.156.253.86:443

74.58.71.237:443

47.21.51.138:995

77.86.98.236:443

71.31.101.183:443

136.232.184.134:995

86.225.214.138:2222

95.242.101.251:995

109.11.175.42:2222

90.78.138.217:2222

184.176.35.223:2222

35.143.97.145:995

202.186.177.88:443

114.79.180.14:995

Attributes

  • salt

    SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

    • Target

      RR.lnk

    • Size

      1KB

    • MD5

      f74323cd1cb9800e0f13383dd57e476f

    • SHA1

      12ee2a1636466b349a817e05b6d01a16411812a3

    • SHA256

      ff9b917e445b6d402236ce03427be1ffe5401c8e2cc5c0174cfdc846f9dc88df

    • SHA512

      f6ffad96856202cfd847fdee53714d2556ed9f788577c3d704af9c98c7f46b041bcdfdc54d1d9822d0cd737eff02cf3d8b07e3c513d28a512e3d47fee62e742d

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence check.

    • Loads dropped DLL

    • Target

      head

    • Size

      200.0MB

    • MD5

      c0b055ac335b87ef43bb2a21aa8560b6

    • SHA1

      41f61541d6783406801ac13f591430d4c669583e

    • SHA256

      4ef3bfcc09d1ee581e611ac67703d800fe261b823e50d339e7268c3a861ece53

    • SHA512

      85540e3a4b9ae10d20c6bb823b132b72b5c58426a7f65906b979c60a75a01aea48084e2128d99242cdec830f1841b540105ba7b7811408e457753b8a83f6eef7

    • SSDEEP

      3:N/t:n

    • Score

      1/10

    • Target

      vibrations/becomes.sql

    • Size

      1.6MB

    • MD5

      e968e52be9e0e360b94f641644a835ff

    • SHA1

      dfd6ae26c924469c9cde550b0a78c736e5ff40b4

    • SHA256

      422f61c477effacce38fdf717bfb5c44558168687eae9be203e54cc97a6ae529

    • SHA512

      bb404637d6de98c5ac26a4cc12db266e7678dc032338374aec7298f2ecb6964121aa07d55f7ea4c1461bd245cb313becb171a3cd8c431a991042f2f31216d52d

    • SSDEEP

      12288:hgD7oi4JVR7GiHZJUMY4qSl9rBQpVvFBuLBmIiPy0Kko1KTVFufFKHcqgEQX0ekn:c7o9PrBeVXoY76Nj3gJ

    • Score

      3/10

    • Target

      vibrations/chill.exe

    • Size

      1.6MB

    • MD5

      018796d4670ac12865be2f00382bbc8e

    • SHA1

      8564027153dca487eca613345ab3b2de0add4f26

    • SHA256

      22d1471ed17c681aa5580c59712005e1c70ef9c306cbcad245a64f7dfae47847

    • SHA512

      4edac00e0d19b439c300328bf4f7abc98cadfce0d7f4283f1c6278bec24d0ed7c2e51090a2e584a7a2a2e645e396a890d9589fe3f660fa73fc238a09d827bc7b

    • SSDEEP

      24576:qN2PGK9rDuNMZD22lHNFVntTX25fHSMv0UskeuzQU2z6IdcL6UCUK:qN2P39PuNYvlHTX2EMuZuzJ2z6nzK

    • Score

      1/10

    • Target

      vibrations/tears.cmd

    • Size

      240B

    • MD5

      4d3327d333d155dce10f6b5d78ae046c

    • SHA1

      364f765068aeb29cfbc7a3049599c158062feed6

    • SHA256

      75317d6ee81f4495e61f97d17b4d6b76295727f5eaa89e5bf036398ba85ce686

    • SHA512

      72702fcdeb926e2747bb4af811e88ed89b5f76153c35e4877732d5e29cdbda082f434e37099b74e5c83f63713d490428481a7d86de6fcbe0ba94cb5e7fba8e42

    • Score

      1/10

MITRE ATT&CK Enterprise v6

Tasks