General

  • Target

    5NVZY.zip

  • Size

    1.6MB

  • Sample

    230223-t7a3maad7t

  • MD5

    ef0e48482a295bfc4e77ef57c415e74b

  • SHA1

    21a061c78ec0d9cb64cee6da182d7d70eec8cba6

  • SHA256

    76d70122713826c629065416346683ad535dc31154f452b58a318f3fef51e297

  • SHA512

    68d18d5989dc5b2b894d8b549b7ceef5ffd9d5dcbc3dc9992c3b6b04a2455fad4dd2d2057944eb36dc5061fdabd396b1358fee9eecaafecb7c392c51a0402896

  • SSDEEP

    49152:UNKfpmk/zQwfkEHrxoFOJdg5S7iLrRt3bdZcNny:5mk/zQekGxG24AarRt3bdaNy

Malware Config

Extracted

Family

qakbot

Version

404.9

Botnet

BB16

Campaign

1677046917

C2

47.21.51.138:443

72.80.7.6:50003

82.127.204.82:2222

49.175.72.56:443

201.244.108.183:995

122.184.143.82:443

102.156.253.86:443

74.58.71.237:443

47.21.51.138:995

77.86.98.236:443

71.31.101.183:443

136.232.184.134:995

86.225.214.138:2222

95.242.101.251:995

109.11.175.42:2222

90.78.138.217:2222

184.176.35.223:2222

35.143.97.145:995

202.186.177.88:443

114.79.180.14:995

Attributes

  • salt

    SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

    • Target

      RR.lnk

    • Size

      1KB

    • MD5

      f84141e41c4dcc09d303ba3de07b2a19

    • SHA1

      169972906d4f27e01ee45ef9d9dbc6257707d789

    • SHA256

      933441d30e7cb65fef914713b068d183cb856074f814df8553585e6cddbde7ec

    • SHA512

      bb66fa8bd8d97a0c9eab5d02ef6df1e52baa7e611f7ccc1f4c6ffd1e09deebedb2c3d11137b92bcb7142e4cfaf020daa697110ea8beeac32cc6106e2176d72e8

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Target

      vibrations/sharper.cmd

    • Size

      253B

    • MD5

      d16d8b11dc5888b904fee5b06ae76e01

    • SHA1

      c5bd77b0aa87e5c6c59a6d274adafbdfb86a63f0

    • SHA256

      ac733c89b01ec344d7fcde28206a78fad3d65dba7033e02b9dc9ee2a89d4090b

    • SHA512

      e2a88259bf0eec44e0883e25a86dcedb1e3b25b4915c22a35fefb18c4fc5b87107763ed2fb3cf99ef06db790e35b5b3cb59e334ece78b9d5ffcbfed5db2cd7e9

    Score
    1/10

    • Target

      vibrations/slaughterhouse.exe

    • Size

      1.6MB

    • MD5

      018796d4670ac12865be2f00382bbc8e

    • SHA1

      8564027153dca487eca613345ab3b2de0add4f26

    • SHA256

      22d1471ed17c681aa5580c59712005e1c70ef9c306cbcad245a64f7dfae47847

    • SHA512

      4edac00e0d19b439c300328bf4f7abc98cadfce0d7f4283f1c6278bec24d0ed7c2e51090a2e584a7a2a2e645e396a890d9589fe3f660fa73fc238a09d827bc7b

    • SSDEEP

      24576:qN2PGK9rDuNMZD22lHNFVntTX25fHSMv0UskeuzQU2z6IdcL6UCUK:qN2P39PuNYvlHTX2EMuZuzJ2z6nzK

    Score
    1/10

MITRE ATT&CK Enterprise v6

Tasks