General

  • Target

    7KBCD.zip

  • Size

    1.3MB

  • Sample

    230222-z5crbsfd91

  • MD5

    eb94748862c5c6a0578179f9c333e218

  • SHA1

    86a87120a538a4485a04788f72ed0e6897b38366

  • SHA256

    c21308de2566abb581c8feed18b3ad6aa55b0af81ff03adca729bae33f3f5152

  • SHA512

    a849365c39d3f9002ba59d29d072c9ddc025f945a4f52ebde6ca15ab174198b54c278a1f832dd783be5c5ee02f0cd93dfcd0c71582e4d77b14300bae7d4fccfc

  • SSDEEP

    24576:ig+TyG8MbIcAbYFtt1PdYV4E8Y8/pt89gKjyceXSHzKNPsf6V:4Ty/MkccYFttrYVXCog7cpH+PV

Malware Config

Extracted

Family

qakbot

Version

404.9

Botnet

BB16

Campaign

1677046917

C2

47.21.51.138:443

72.80.7.6:50003

82.127.204.82:2222

49.175.72.56:443

201.244.108.183:995

122.184.143.82:443

102.156.253.86:443

74.58.71.237:443

47.21.51.138:995

77.86.98.236:443

71.31.101.183:443

136.232.184.134:995

86.225.214.138:2222

95.242.101.251:995

109.11.175.42:2222

90.78.138.217:2222

184.176.35.223:2222

35.143.97.145:995

202.186.177.88:443

114.79.180.14:995

Attributes

  • salt

    SoNuce]ugdiB3c[doMuce2s81*uXmcvP
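The config block above is what a responder actually consumes from this report: a botnet tag, a campaign ID and twenty C2 endpoints. The script below is an added example, not part of the report or of any sandbox tooling. It parses that block into structured IOCs, decodes the campaign ID (Qakbot stores it as Unix epoch seconds, which here resolves to 2023-02-22, the same day as the sample ID), emits one Suricata rule per C2 pair, and runs the pairs against a few constructed flow records. CONFIG_TEXT is copied from the report; FLOW_LOG, the rule SID range and the message strings are assumptions for the demonstration.

```python
"""Added example: turn the extracted Qakbot config into actionable IOCs.
Not code from the original report; CONFIG_TEXT is copied from it, FLOW_LOG is constructed."""
import re
from datetime import datetime, timezone

# Copied verbatim from the report's "Malware Config" block.
CONFIG_TEXT = """
Family
qakbot
Version
404.9
Botnet
BB16
Campaign
1677046917
C2
47.21.51.138:443
72.80.7.6:50003
82.127.204.82:2222
49.175.72.56:443
201.244.108.183:995
122.184.143.82:443
102.156.253.86:443
74.58.71.237:443
47.21.51.138:995
77.86.98.236:443
71.31.101.183:443
136.232.184.134:995
86.225.214.138:2222
95.242.101.251:995
109.11.175.42:2222
90.78.138.217:2222
184.176.35.223:2222
35.143.97.145:995
202.186.177.88:443
114.79.180.14:995
"""

C2_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})$")
SCALARS = ("Family", "Version", "Botnet", "Campaign")


def parse_config(text):
    """Parse the label/value layout of the report into a dict.
    Scalars become strings (campaign is cast to int); C2 becomes a list of (ip, port)."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    cfg = {"c2": []}
    i = 0
    while i < len(lines):
        label = lines[i]
        if label in SCALARS and i + 1 < len(lines):
            cfg[label.lower()] = lines[i + 1]
            i += 2
        elif label == "C2":
            i += 1
            while i < len(lines) and C2_RE.match(lines[i]):
                ip, port = C2_RE.match(lines[i]).groups()
                cfg["c2"].append((ip, int(port)))
                i += 1
        else:
            i += 1
    cfg["campaign"] = int(cfg["campaign"])
    return cfg


def campaign_time(campaign):
    """Qakbot campaign IDs are Unix epoch seconds; return them as an aware UTC datetime."""
    return datetime.fromtimestamp(campaign, tz=timezone.utc)


def suricata_rules(cfg, sid_base=9000000):
    """One outbound rule per C2 ip:port pair. sid_base is an assumed private SID range."""
    rules = []
    for n, (ip, port) in enumerate(cfg["c2"]):
        rules.append(
            f'alert tcp $HOME_NET any -> {ip} {port} '
            f'(msg:"Qakbot {cfg["botnet"]} C2 {ip}:{port}"; flow:to_server; '
            f'sid:{sid_base + n}; rev:1;)'
        )
    return rules


# Constructed flow records (timestamp,src,dst,dport); not taken from the sandbox run.
FLOW_LOG = [
    "2023-02-22T06:30:01Z,10.0.0.12,47.21.51.138,443",   # exact C2 pair
    "2023-02-22T06:30:02Z,10.0.0.12,142.250.80.46,443",  # unrelated host
    "2023-02-22T06:31:10Z,10.0.0.12,82.127.204.82,2222", # exact C2 pair
    "2023-02-22T06:31:11Z,10.0.0.12,47.21.51.138,80",    # C2 IP on a port not in the config
]


def match_flows(cfg, flow_lines):
    """Return (ts, dst, dport, confidence) for flows touching a C2 address.
    An ip:port match is 'exact'; an IP-only match is reported separately as weaker evidence."""
    pairs = set(cfg["c2"])
    ips = {ip for ip, _ in pairs}
    hits = []
    for line in flow_lines:
        ts, _src, dst, dport = line.split(",")
        if (dst, int(dport)) in pairs:
            hits.append((ts, dst, int(dport), "exact"))
        elif dst in ips:
            hits.append((ts, dst, int(dport), "ip-only"))
    return hits


if __name__ == "__main__":
    cfg = parse_config(CONFIG_TEXT)
    print(cfg["botnet"], campaign_time(cfg["campaign"]).isoformat(), len(cfg["c2"]), "C2s")
    print("\n".join(suricata_rules(cfg)[:3]))
    print(match_flows(cfg, FLOW_LOG))
```

Qakbot's first-tier C2 nodes are typically compromised hosts on ISP or residential address space, so the bare IPs age quickly; keep the port with the address (443, 995, 2222 and 50003 in this config) and bound any alerting on these indicators to the campaign date the ID decodes to.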

Targets

    • Target

      RR.lnk

    • Size

      1KB

    • MD5

      e11e154ee90f27fa17050a139523939b

    • SHA1

      20bd4d6a8e35d438d4b19c74c4a2d4fe5453fbcc

    • SHA256

      e495000b075ced39574d17076457e30f36a45ba00cb87647e481ce004d09d306

    • SHA512

      8bfde446bc0ae8501906838b1df7a6358ec060e79058c9f8bb0e8fce021c6587fa06d698141ab9f0c9abc906bf343c3a1e774e08afbfeaecde041f38d281c4b1

    • Qakbot/Qbot

      Qakbot (Qbot) is a banking trojan and loader with worm-like lateral-movement capabilities.

    • Checks computer location settings

      Reads the country code configured in the registry, most likely a geofence check so the sample does not run in certain locales.

    • Loads dropped DLL

    • Target

      vibrations/compartmentally.cmd

    • Size

      242B

    • MD5

      e00bea94b5f441a6c1907e25b262ed15

    • SHA1

      850893825f7e653211d132f158d992223f6f4212

    • SHA256

      e484ad356ddff0094e84134bffb75e5c520beddff93600de51506e3266960eba

    • SHA512

      7c596e008d5b6df3c0a6356716da101243af2f47e74b70d495394d24de520fe5b9bf7443051dc21736c8cf5337ed38c64a4cd15cb9eb7eb55be6338f5556ec13

    • Score

      1/10

    • Target

      vibrations/disobeys.exe

    • Size

      1.6MB

    • MD5

      018796d4670ac12865be2f00382bbc8e

    • SHA1

      8564027153dca487eca613345ab3b2de0add4f26

    • SHA256

      22d1471ed17c681aa5580c59712005e1c70ef9c306cbcad245a64f7dfae47847

    • SHA512

      4edac00e0d19b439c300328bf4f7abc98cadfce0d7f4283f1c6278bec24d0ed7c2e51090a2e584a7a2a2e645e396a890d9589fe3f660fa73fc238a09d827bc7b

    • SSDEEP

      24576:qN2PGK9rDuNMZD22lHNFVntTX25fHSMv0UskeuzQU2z6IdcL6UCUK:qN2P39PuNYvlHTX2EMuZuzJ2z6nzK

    • Score

      1/10

MITRE ATT&CK Enterprise v6

Tasks