General

  • Target

    284b32070cf3c49792a464f6c15c2bfe.zip

  • Size

    1.6MB

  • Sample

    230222-yxhryadd25

  • MD5

    284b32070cf3c49792a464f6c15c2bfe

  • SHA1

    2c2020ff552703ca71e444c7cd900e57e036df1b

  • SHA256

    0272da4d3be22b328b3794bf3447f84ce3332d023a416b950737584447aff227

  • SHA512

    581988314751913344b3363a925fb236d72f19f75e0482fe6e229a52bd07139e03a457999ff01e51ee52bac42721a8206fdc3e93f37111b53ed081e043dd3f9e

  • SSDEEP

    24576:jNoJtf2amM99XJkoNnXAw1RkEH5WMgI+EAE5brnqgB411Bj+9KJdVoA:jNKfpmk/zQwfkEHkMdn9Y5Kqb

Malware Config

Extracted

Family

qakbot

Version

404.9

Botnet

BB16

Campaign

1677046917

C2

47.21.51.138:443

72.80.7.6:50003

82.127.204.82:2222

49.175.72.56:443

201.244.108.183:995

122.184.143.82:443

102.156.253.86:443

74.58.71.237:443

47.21.51.138:995

77.86.98.236:443

71.31.101.183:443

136.232.184.134:995

86.225.214.138:2222

95.242.101.251:995

109.11.175.42:2222

90.78.138.217:2222

184.176.35.223:2222

35.143.97.145:995

202.186.177.88:443

114.79.180.14:995

Attributes

  • salt

    SoNuce]ugdiB3c[doMuce2s81*uXmcvP
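The extracted configuration is only useful once it becomes something a defender can deploy. The Python below is an added example, not part of the sandbox report or of any sandbox tooling: it copies the family, botnet, campaign and C2 values from the report, decodes the campaign field as a Unix timestamp (it resolves to 2023-02-22 06:21:57 UTC, consistent with the sample's 230222 date prefix), normalizes and de-duplicates the C2 list, emits one Suricata-style rule per ip:port pair, and matches the list against a handful of constructed flow records. The rule SID base, the flow-record format and the flow lines themselves are assumptions made for the demo.

```python
"""Turn the Qakbot config extracted above into detection artifacts.

Added example: not part of the sandbox report or of any sandbox tooling.
Config values are copied from the report; the flow records are constructed.
"""
from datetime import datetime, timezone
import ipaddress

# Extracted config values, copied from the report above.
CONFIG = {
    "family": "qakbot",
    "version": "404.9",
    "botnet": "BB16",
    "campaign": "1677046917",
    "c2": [
        "47.21.51.138:443", "72.80.7.6:50003", "82.127.204.82:2222",
        "49.175.72.56:443", "201.244.108.183:995", "122.184.143.82:443",
        "102.156.253.86:443", "74.58.71.237:443", "47.21.51.138:995",
        "77.86.98.236:443", "71.31.101.183:443", "136.232.184.134:995",
        "86.225.214.138:2222", "95.242.101.251:995", "109.11.175.42:2222",
        "90.78.138.217:2222", "184.176.35.223:2222", "35.143.97.145:995",
        "202.186.177.88:443", "114.79.180.14:995",
    ],
}

# Constructed flow records (assumed format: "<ts> <src ip:port> -> <dst ip:port>").
FLOWS = [
    "2023-02-22T08:01:12Z 10.0.0.5:51234 -> 47.21.51.138:995",
    "2023-02-22T08:01:13Z 10.0.0.5:51235 -> 142.250.74.46:443",
    "2023-02-22T08:02:40Z 10.0.0.7:49911 -> 72.80.7.6:50003",
    "2023-02-22T08:03:02Z 10.0.0.7:49912 -> 47.21.51.138:8443",
]


def campaign_date(epoch_str):
    """Qakbot's campaign field is a Unix timestamp; decode it to UTC."""
    return datetime.fromtimestamp(int(epoch_str), tz=timezone.utc)


def parse_endpoint(text):
    """Parse 'ip:port' into (ip, port); raise ValueError if malformed."""
    host, sep, port = text.rpartition(":")
    if not sep:
        raise ValueError(text)
    ip = ipaddress.ip_address(host)   # validates the address
    p = int(port)
    if not 0 < p < 65536:
        raise ValueError(text)
    return str(ip), p


def parse_c2(entries):
    """Return sorted, de-duplicated (ip, port) pairs, skipping malformed entries."""
    found = set()
    for e in entries:
        try:
            found.add(parse_endpoint(e))
        except ValueError:
            continue
    return sorted(found)


def suricata_rules(c2, sid_base=9000000):
    """One outbound-connection rule per C2 pair; sid_base is an assumption."""
    rules = []
    for i, (ip, port) in enumerate(c2):
        rules.append(
            f'alert tcp $HOME_NET any -> {ip} {port} '
            f'(msg:"Qakbot {CONFIG["botnet"]} C2 {ip}:{port}"; flow:to_server; '
            f'classtype:trojan-activity; sid:{sid_base + i}; rev:1;)'
        )
    return rules


def match_flows(flow_lines, c2, ip_only=False):
    """Return flow lines whose destination hits a C2.

    ip_only=False matches the exact ip:port pair (precise alerting);
    ip_only=True matches any port on a C2 address (what you would block).
    """
    pairs = set(c2)
    ips = {ip for ip, _ in c2}
    hits = []
    for line in flow_lines:
        try:
            _ts, _src, _arrow, dst = line.split()
            ip, port = parse_endpoint(dst)
        except ValueError:
            continue   # malformed record: skip rather than crash the sweep
        if (ip in ips) if ip_only else ((ip, port) in pairs):
            hits.append(line)
    return hits


if __name__ == "__main__":
    c2 = parse_c2(CONFIG["c2"])
    print("campaign built:", campaign_date(CONFIG["campaign"]).isoformat())
    print(f"{len(c2)} C2 pairs on {len({ip for ip, _ in c2})} addresses")
    for rule in suricata_rules(c2)[:2]:
        print(rule)
    for hit in match_flows(FLOWS, c2):
        print("HIT", hit)
```

Note the port distinction: 47.21.51.138 is listed on both 443 and 995, so exact-pair matching alerts on those two ports only, while the ip_only mode also catches the constructed 8443 flow. Alert on pairs to keep the signal precise, but block by address, since Qakbot operators rotate ports on the same residential proxies.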

Targets

    • Target

      RR.lnk

    • Size

      1KB

    • MD5

      7130c693abb810df9831e93c5fcca82e

    • SHA1

      3ab01e874b7070fa5a3944939ec5fa65e2be9ae3

    • SHA256

      b2f995e09f5583369197003bd1766b46661c73d010ed78768d5ca233e9c5636c

    • SHA512

      1fd619bc9414ed10f8ffb7804065a654809cc2a3796ee247e8e724afe33dde5469d15396fbe364c5ca74eaf147e2dc06a288c3a5978f54188010d19b934a3f13

    • Qakbot/Qbot

      Qakbot (also Qbot) is a banking trojan with worm-like spreading capabilities that is also used as a loader for follow-on payloads.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check before running.

    • Loads dropped DLL

    • Target

      vibrations/lends.cmd

    • Size

      253B

    • MD5

      75063eaf1971396192c7c6af457b1a34

    • SHA1

      d05e4146584bdd2bb37670c83eeb002f7dc49cdc

    • SHA256

      3111f751acf64b338afd58578a8380b5b18f2e56db10ed13c99461c472e1c9a3

    • SHA512

      310c16a0fe240ffb17010b0556cd4eb24316f75a5dddd14ab33d6bca29f1ff04e16ca55a50b85bad36e1639f2aae8771af4799ce536d5157144ff7ba63bf1060

    Score
    1/10
    • Target

      vibrations/objectivity.exe

    • Size

      1.6MB

    • MD5

      018796d4670ac12865be2f00382bbc8e

    • SHA1

      8564027153dca487eca613345ab3b2de0add4f26

    • SHA256

      22d1471ed17c681aa5580c59712005e1c70ef9c306cbcad245a64f7dfae47847

    • SHA512

      4edac00e0d19b439c300328bf4f7abc98cadfce0d7f4283f1c6278bec24d0ed7c2e51090a2e584a7a2a2e645e396a890d9589fe3f660fa73fc238a09d827bc7b

    • SSDEEP

      24576:qN2PGK9rDuNMZD22lHNFVntTX25fHSMv0UskeuzQU2z6IdcL6UCUK:qN2P39PuNYvlHTX2EMuZuzJ2z6nzK

    Score
    1/10
