General

  • Target

    9DEUT.zip

  • Size

    1.6MB

  • Sample

    230223-agrg5seb48

  • MD5

    fa9515d72604767ac425f168be2d146a

  • SHA1

    2a9ad765cb39484bbccfcaaadc7c3e100a73aaa0

  • SHA256

    749ebbf90e6b4819795b61976f5f589368acc86ced65c8e5633d1fe612cc0de4

  • SHA512

    b3c34a0f74b37599df378d2ee5184447750971cf4fb7933f3c078f2f94e52765ec72474de3afce799243a8cb792d293764ac5be4eade66babf60430d60b38e9a

  • SSDEEP

    49152:tNKfpmk/zQwfkEHoMds7j8KTguqmSTs5+XrO:qmk/zQekDesBEu/QCKO

Malware Config

Extracted

Family

qakbot

Version

404.9

Botnet

BB16

Campaign

1677046917

C2

47.21.51.138:443

72.80.7.6:50003

82.127.204.82:2222

49.175.72.56:443

201.244.108.183:995

122.184.143.82:443

102.156.253.86:443

74.58.71.237:443

47.21.51.138:995

77.86.98.236:443

71.31.101.183:443

136.232.184.134:995

86.225.214.138:2222

95.242.101.251:995

109.11.175.42:2222

90.78.138.217:2222

184.176.35.223:2222

35.143.97.145:995

202.186.177.88:443

114.79.180.14:995

Attributes

  • salt

    SoNuce]ugdiB3c[doMuce2s81*uXmcvP
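The C2 list and campaign value above are the operational pieces of this report. As an added example (not part of the sandbox report, and not Qakbot's or the sandbox vendor's code), the script below parses the ip:port list into a validated endpoint set, renders the campaign ID as a UTC timestamp, sweeps a few constructed firewall log lines for connections to those endpoints (distinguishing exact ip:port hits from ip-only hits, since the bot may fall back to other ports), and emits Suricata rules. The log line format, the rule message text and the sid range are assumptions for illustration.

```python
import ipaddress
import re
from datetime import datetime, timezone

# C2 endpoints copied from the extracted Qakbot config above (ip:port).
C2_LIST = """
47.21.51.138:443
72.80.7.6:50003
82.127.204.82:2222
49.175.72.56:443
201.244.108.183:995
122.184.143.82:443
102.156.253.86:443
74.58.71.237:443
47.21.51.138:995
77.86.98.236:443
71.31.101.183:443
136.232.184.134:995
86.225.214.138:2222
95.242.101.251:995
109.11.175.42:2222
90.78.138.217:2222
184.176.35.223:2222
35.143.97.145:995
202.186.177.88:443
114.79.180.14:995
"""


def parse_c2(text):
    """Return a set of (ip, port) tuples; reject malformed IPs or ports."""
    endpoints = set()
    for line in text.split():
        ip, _, port = line.rpartition(":")
        ipaddress.ip_address(ip)  # raises ValueError on a bad address
        port = int(port)
        if not 0 < port < 65536:
            raise ValueError(f"bad port in {line}")
        endpoints.add((ip, port))
    return endpoints


def campaign_time(epoch):
    """The Campaign field is a Unix timestamp; render it as UTC."""
    dt = datetime.fromtimestamp(epoch, tz=timezone.utc)
    return dt.strftime("%Y-%m-%d %H:%M:%S UTC")


def suricata_rules(endpoints, base_sid=9000000):
    """One outbound rule per C2 endpoint (msg text and sid range are assumed)."""
    rules = []
    for i, (ip, port) in enumerate(sorted(endpoints)):
        rules.append(
            f"alert tcp $HOME_NET any -> {ip} {port} "
            f'(msg:"Qakbot BB16 C2 {ip}:{port}"; flow:to_server; '
            f"sid:{base_sid + i}; rev:1;)"
        )
    return rules


# Constructed firewall log lines (hypothetical format: ts src dst:port action).
SAMPLE_LOG = """\
2023-02-23T08:01:12Z 10.1.4.22 142.250.80.46:443 ALLOW
2023-02-23T08:01:40Z 10.1.4.22 47.21.51.138:995 ALLOW
2023-02-23T08:02:03Z 10.1.4.22 72.80.7.6:50003 ALLOW
2023-02-23T08:02:15Z 10.1.4.22 72.80.7.6:443 ALLOW
2023-02-23T08:03:51Z 10.1.7.9 90.78.138.217:2222 DENY
"""

LOG_RE = re.compile(r"^(\S+) (\S+) (\S+):(\d+) (\w+)$")


def find_c2_hits(log_text, endpoints):
    """Return (ts, src, ip, port, action, confidence) per matching log line.

    confidence is "exact" for an ip:port match and "ip-only" when only the
    address matches, so a bot talking to a listed host on an unlisted port
    still surfaces for review.
    """
    c2_ips = {ip for ip, _ in endpoints}
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed format
        ts, src, ip, port, action = m.groups()
        port = int(port)
        if (ip, port) in endpoints:
            hits.append((ts, src, ip, port, action, "exact"))
        elif ip in c2_ips:
            hits.append((ts, src, ip, port, action, "ip-only"))
    return hits


if __name__ == "__main__":
    c2 = parse_c2(C2_LIST)
    print("campaign started", campaign_time(1677046917))
    for hit in find_c2_hits(SAMPLE_LOG, c2):
        print("C2 hit:", *hit)
    print("\n".join(suricata_rules(c2)[:3]))
```

The DENY line is still reported: a blocked connection to a listed C2 is evidence that the host is infected, even though the beacon failed. The campaign timestamp decodes to the day before the sample ID's date (230223), which is consistent with the report.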

Targets

    • Target

      RR.lnk

    • Size

      1KB

    • MD5

      27e3015a1377cfa45182a3bca5e488c2

    • SHA1

      d31a5c93f66b517a6f0838c2efc560397314e441

    • SHA256

      38d69df1ab5bc566d14ad8053febf9d5896cf7acfe5163cf81010195b379a998

    • SHA512

      5630f060e823b3bde38626fbbe1cc1cf11ea0560e439c389c39446eb84d8c4cdcca6abdd91fb453b11f7f824bf18e0d7591e1a2367ab59aba9eb9f63af8718cb

    • Qakbot/Qbot

      Qakbot (Qbot) is a banking trojan and malware loader with worm-like lateral-movement capabilities.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check so the payload can refuse to run in certain regions.

    • Loads dropped DLL

    • Target

      vibrations/elephant.sql

    • Size

      1.6MB

    • MD5

      6e15a32f1e2bfd30ce85a4258d06d469

    • SHA1

      8f9d43e7d0f22b7bee04cf6bd815e77b0df43f30

    • SHA256

      cd8e21614eebb91fa0424aa07ee05287a6411064a0e75e32f99d1ffbf0aac087

    • SHA512

      1f8a6a4bb46088b4422734d8359ae47b0f815415c8977c15db39d5939d23eff8ca77b1bf0b4b6aa14bcd2ff9b24bde46b79383f696c94f39eab17cc8909587b4

    • SSDEEP

      12288:hgD7oi4JVR7GiHZJUMY4qSl9rBQpVvFBuLBmIiPy0Kko1KTVFufFKHcqgEQX0ekt:c7o9PrBeVXoY76Nj3mJ

    • Score

      3/10

    • Target

      vibrations/sultanas.cmd

    • Size

      237B

    • MD5

      62a73d5bec3d92a1162a134764215769

    • SHA1

      324635c14ebdcdc074afb7444900faade8715b74

    • SHA256

      93d1aa7ec63b29aa854f2887121880b5cbb49b118ae1fd2f3b9e7823b628b039

    • SHA512

      de42127ad0943fa5731e8394a5d6ce082c92fb5d070448b7afc042219b3e79626750030cc453890848b4b29ce65f6258b37a9ceb049e4e78ace2e13af7776f1b

    • Score

      1/10

    • Target

      vibrations/thirstily.exe

    • Size

      1.6MB

    • MD5

      018796d4670ac12865be2f00382bbc8e

    • SHA1

      8564027153dca487eca613345ab3b2de0add4f26

    • SHA256

      22d1471ed17c681aa5580c59712005e1c70ef9c306cbcad245a64f7dfae47847

    • SHA512

      4edac00e0d19b439c300328bf4f7abc98cadfce0d7f4283f1c6278bec24d0ed7c2e51090a2e584a7a2a2e645e396a890d9589fe3f660fa73fc238a09d827bc7b

    • SSDEEP

      24576:qN2PGK9rDuNMZD22lHNFVntTX25fHSMv0UskeuzQU2z6IdcL6UCUK:qN2P39PuNYvlHTX2EMuZuzJ2z6nzK

    • Score

      1/10
