General

  • Target

    9261229524.zip

  • Size

    1.3MB

  • Sample

    230223-jbj1jsfa99

  • MD5

    de77dbe6cc29fa6d6b05f81cdfa43a58

  • SHA1

    99687e88405065e4fb92c062057918c2b91decd2

  • SHA256

    9e73fbc799272df3a85b6ef77894b061d91e5214a67ed2f1dd8b91f981b57ac5

  • SHA512

    af71f77efcaf7aec4bca6abd873e26257041f322deac8deb83c4520845bc85e7dbe1f61b4d03b171f238391607c3244b27be30c83926eaded2143f33237537d6

  • SSDEEP

    24576:QSJHxGjVTp9h43u6DbJU+XcF+HKjVWQM8mV3wQjA3vECZ9EfFOEx6W:bJMjV9/wrDb2+0S2cQM93wQjA3DIT6W

Malware Config

Extracted

Family

qakbot

Version

404.9

Botnet

BB16

Campaign

1677046917

C2

47.21.51.138:443

72.80.7.6:50003

82.127.204.82:2222

49.175.72.56:443

201.244.108.183:995

122.184.143.82:443

102.156.253.86:443

74.58.71.237:443

47.21.51.138:995

77.86.98.236:443

71.31.101.183:443

136.232.184.134:995

86.225.214.138:2222

95.242.101.251:995

109.11.175.42:2222

90.78.138.217:2222

184.176.35.223:2222

35.143.97.145:995

202.186.177.88:443

114.79.180.14:995

Attributes
  • salt

    SoNuce]ugdiB3c[doMuce2s81*uXmcvP
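To act on the configuration above, here is an added example (Python, not the sandbox's or the report's own code) that parses the Malware Config block exactly as it is laid out on this page, converts the Campaign value from a Unix timestamp, groups the C2 endpoints by port, sanity-checks that every peer is a globally routable address, and emits one outbound Suricata rule per endpoint. CONFIG_TEXT is a constructed copy of the page's values; the Suricata rule text and the sid range are this script's assumptions.

```python
"""Turn the Qakbot config extracted above into triage artifacts.

Added example, not the sandbox's own code. CONFIG_TEXT is a constructed copy
of the Malware Config block from the report; the rule format and SID range
are this script's assumptions.
"""
from collections import defaultdict
from datetime import datetime, timezone
import ipaddress

CONFIG_TEXT = """
Family
qakbot
Version
404.9
Botnet
BB16
Campaign
1677046917
C2
47.21.51.138:443
72.80.7.6:50003
82.127.204.82:2222
49.175.72.56:443
201.244.108.183:995
122.184.143.82:443
102.156.253.86:443
74.58.71.237:443
47.21.51.138:995
77.86.98.236:443
71.31.101.183:443
136.232.184.134:995
86.225.214.138:2222
95.242.101.251:995
109.11.175.42:2222
90.78.138.217:2222
184.176.35.223:2222
35.143.97.145:995
202.186.177.88:443
114.79.180.14:995
"""

LABELS = {"Family", "Version", "Botnet", "Campaign", "C2"}


def parse_config(text: str) -> dict:
    """Parse the label-line / value-line layout used in the report.
    Scalar fields map to a string; C2 maps to a list of (ip, port)."""
    cfg: dict = {"C2": []}
    key = None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if line in LABELS:
            key = line
            continue
        if key == "C2":
            host, _, port = line.rpartition(":")
            cfg["C2"].append((str(ipaddress.ip_address(host)), int(port)))
        elif key is not None:
            cfg[key] = line
    return cfg


def campaign_time(cfg: dict) -> datetime:
    """Qakbot's Campaign field is a Unix timestamp; render it in UTC."""
    return datetime.fromtimestamp(int(cfg["Campaign"]), tz=timezone.utc)


def c2_by_port(cfg: dict) -> dict:
    """Group unique C2 addresses by destination port."""
    groups = defaultdict(set)
    for ip, port in cfg["C2"]:
        groups[port].add(ip)
    return {port: sorted(ips) for port, ips in sorted(groups.items())}


def non_global_c2(cfg: dict) -> list:
    """Sanity check: a private or reserved address in a C2 list usually
    means a config-parsing error rather than a real peer."""
    return [ip for ip, _ in cfg["C2"] if not ipaddress.ip_address(ip).is_global]


def suricata_rules(cfg: dict, sid_base: int = 9_000_000) -> list:
    """One outbound alert per unique ip:port in Suricata/Snort syntax.
    sid_base is an assumption; pick a range that is free in your ruleset."""
    rules = []
    for i, (ip, port) in enumerate(sorted(set(cfg["C2"]))):
        msg = f"{cfg['Family']} {cfg['Botnet']} C2 {ip}:{port}"
        rules.append(
            f'alert tcp $HOME_NET any -> {ip} {port} (msg:"{msg}"; '
            f"flow:to_server; sid:{sid_base + i}; rev:1;)"
        )
    return rules


if __name__ == "__main__":
    cfg = parse_config(CONFIG_TEXT)
    print(cfg["Family"], cfg["Version"], cfg["Botnet"],
          campaign_time(cfg).isoformat())
    for port, ips in c2_by_port(cfg).items():
        print(f"port {port}: {len(ips)} hosts")
    print("\n".join(suricata_rules(cfg)))
```

The port grouping is worth a glance before the rules are loaded: the four ports seen here (443, 995, 2222, 50003) are the ones Qakbot first-tier C2 proxies listen on, and the same address can appear on more than one port (47.21.51.138 does), so rules should be keyed on ip:port rather than on the address alone.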

Targets

    • Target

      RR.lnk

    • Size

      1KB

    • MD5

      40c516687897e29cc967eaafd7355a64

    • SHA1

      a68ca9733941ab3501a9c9baef7ec58587e79a45

    • SHA256

      0de89af6fa556b786c8de96fb3cfe96307ce8d8a14cef1fb6ca2f0d9e56be9b0

    • SHA512

      c23f88250532be801990b104d3e32ea8d3e4a55a20478599cbad9103d110c014156cd6b71fe262bea14d968fa71cc1b8ae7cf334a0df27bb887392ef31dbfa52

    • Qakbot/Qbot

      Qakbot (also Qbot) is a modular banking trojan and malware loader with worm-like self-propagation; the botnet and campaign values extracted above identify the affiliate build and, since the campaign ID is a Unix timestamp, when it was built.

    • Checks computer location settings

      Reads the country code configured in the registry, most likely as a geofence so that the sample does not run in excluded locales.

    • Loads dropped DLL

    • Target

      vibrations/circlets.exe

    • Size

      1.6MB

    • MD5

      018796d4670ac12865be2f00382bbc8e

    • SHA1

      8564027153dca487eca613345ab3b2de0add4f26

    • SHA256

      22d1471ed17c681aa5580c59712005e1c70ef9c306cbcad245a64f7dfae47847

    • SHA512

      4edac00e0d19b439c300328bf4f7abc98cadfce0d7f4283f1c6278bec24d0ed7c2e51090a2e584a7a2a2e645e396a890d9589fe3f660fa73fc238a09d827bc7b

    • SSDEEP

      24576:qN2PGK9rDuNMZD22lHNFVntTX25fHSMv0UskeuzQU2z6IdcL6UCUK:qN2P39PuNYvlHTX2EMuZuzJ2z6nzK

    • Score

      1/10
    • Target

      vibrations/floodlight.cmd

    • Size

      239B

    • MD5

      4f4d7d05a2e6eac735471a6e31e435fc

    • SHA1

      998870f26d8ab35561ebdfcd90a6f2dd0a646b43

    • SHA256

      86117f16adb7a919d320c5a105099fbdb64a18274ba78bb33d5b072e6fa0fbfc

    • SHA512

      1f31f1bd645546295c545559d2fba033c039c9e2ca3a9bdb2b5545192cfa2c3aa3a2ceb9a3982652cf0f48bd801a72642753519fc02d6417f03dc4bd1f330f17

    • Score

      1/10
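The initial stage above is a 1KB shortcut (RR.lnk). The report shows its hashes but not its target or arguments, which are the first things to pull from an LNK lure because they name the next stage. The following is an added example (Python, not the sandbox's code) of a minimal MS-SHLLINK parser that skips the ID list and LinkInfo blocks and decodes the StringData fields selected by LinkFlags. SAMPLE_LNK is constructed inside the block with an invented target and arguments; it is not RR.lnk, and nothing about RR.lnk's contents should be inferred from it.

```python
"""Pull the command line out of a Windows shortcut (.lnk) stage.

Added example, not the sandbox's code. SAMPLE_LNK is constructed here with an
invented target and arguments; it is NOT the content of RR.lnk, which the
report does not show. Layout follows MS-SHLLINK: 76-byte ShellLinkHeader,
optional LinkTargetIDList and LinkInfo, then StringData fields in flag order.
"""
import struct

HEADER_SIZE = 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")

# LinkFlags bits (MS-SHLLINK 2.1.1)
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80
# StringData fields appear in exactly this order when their bit is set
STRING_FIELDS = (("name", HAS_NAME), ("relative_path", HAS_RELATIVE_PATH),
                 ("working_dir", HAS_WORKING_DIR), ("arguments", HAS_ARGUMENTS),
                 ("icon_location", HAS_ICON_LOCATION))

SUSPICIOUS = ("cmd.exe", "/c ", "powershell", "wscript", "mshta",
              "rundll32", "regsvr32", ".cmd", ".bat", ".vbs", ".js")


def is_lnk(data: bytes) -> bool:
    """HeaderSize must be 0x4C and the CLSID must be the ShellLink CLSID."""
    return (len(data) >= HEADER_SIZE and
            data[:20] == struct.pack("<I16s", HEADER_SIZE, LNK_CLSID))


def parse_lnk(data: bytes) -> dict:
    """Return the StringData fields, skipping ID list and LinkInfo blocks."""
    if not is_lnk(data):
        raise ValueError("not a ShellLink file")
    flags = struct.unpack_from("<I", data, 0x14)[0]
    off = HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:          # IDListSize(2) + ItemIDList
        off += 2 + struct.unpack_from("<H", data, off)[0]
    if flags & HAS_LINK_INFO:                    # LinkInfoSize counts itself
        off += struct.unpack_from("<I", data, off)[0]
    out = {}
    for field, bit in STRING_FIELDS:
        if not flags & bit:
            continue
        count = struct.unpack_from("<H", data, off)[0]   # CountCharacters
        off += 2
        if flags & IS_UNICODE:
            out[field] = data[off:off + 2 * count].decode("utf-16-le")
            off += 2 * count
        else:
            out[field] = data[off:off + count].decode("cp1252")
            off += count
    return out


def command_line(info: dict) -> str:
    """Best-effort reconstruction of what Explorer would launch."""
    return " ".join(p for p in (info.get("relative_path", ""),
                                info.get("arguments", "")) if p)


def suspicious_indicators(info: dict) -> list:
    """Flag interpreter launches and script extensions in the shortcut."""
    cmd = command_line(info).lower()
    hits = [tok for tok in SUSPICIOUS if tok in cmd]
    if len(info.get("arguments", "")) > 260:   # whitespace padding hides args
        hits.append("long-arguments")
    return hits


def build_lnk(relative_path: str, arguments: str) -> bytes:
    """Construct a minimal Unicode shortcut (for tests and demos only)."""
    flags = HAS_RELATIVE_PATH | HAS_ARGUMENTS | IS_UNICODE
    header = struct.pack("<I16sI", HEADER_SIZE, LNK_CLSID, flags)
    header = header.ljust(HEADER_SIZE, b"\0")   # remaining header fields zero
    body = b""
    for s in (relative_path, arguments):        # flag order: path, then args
        enc = s.encode("utf-16-le")
        body += struct.pack("<H", len(enc) // 2) + enc
    return header + body


# Constructed sample: target and arguments are invented for this demo.
SAMPLE_LNK = build_lnk(r"..\..\..\Windows\System32\cmd.exe",
                       r'/c "vibrations\floodlight.cmd"')

if __name__ == "__main__":
    info = parse_lnk(SAMPLE_LNK)
    print(command_line(info))
    print(suspicious_indicators(info))
```

On a real sample, run parse_lnk over the extracted .lnk bytes and compare the reconstructed command line with the process tree the sandbox recorded; a shortcut whose arguments are padded far past the visible width, or whose relative path walks up several directories to reach an interpreter, is the pattern this kind of lure uses.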

MITRE ATT&CK Enterprise v6

Tasks