General

  • Target

    6e455732e3498ab361f8eb133a618acf.zip

  • Size

    1.6MB

  • Sample

    230223-v6xqnsae8w

  • MD5

    6e455732e3498ab361f8eb133a618acf

  • SHA1

    6ff8947b6c9aaf23377fd59c945eaf924320759d

  • SHA256

    8a99bfa47406e68137b6359ebc65644521971e38d0281b510383d46cb0f48667

  • SHA512

    f038bbdbada6feaaec72b4436446fd5a75c3a0dc81efacc7cca32182f8f43604dbea4e0ca44862805a1e3d235ef60f9d0f477ed19f77c373cecd72e24613f8d4

  • SSDEEP

    24576:V+XGH/U29Yc05ka9yeP5bcwjyBYmk49My2dbsa26yTpqFj6nB+xYyQ5f:V+R22x35bcJYmk4GymsL6y1ZYx85f

Malware Config

Extracted

  • Family

    qakbot

  • Version

    404.9

  • Botnet

    BB16

  • Campaign

    1677046917

  • C2

    47.21.51.138:443
    72.80.7.6:50003
    82.127.204.82:2222
    49.175.72.56:443
    201.244.108.183:995
    122.184.143.82:443
    102.156.253.86:443
    74.58.71.237:443
    47.21.51.138:995
    77.86.98.236:443
    71.31.101.183:443
    136.232.184.134:995
    86.225.214.138:2222
    95.242.101.251:995
    109.11.175.42:2222
    90.78.138.217:2222
    184.176.35.223:2222
    35.143.97.145:995
    202.186.177.88:443
    114.79.180.14:995

Attributes

  • salt

    SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

    • Target

      RR.lnk

    • Size

      1KB

    • MD5

      5df7c9681134ae5a2ff47def8c5410c2

    • SHA1

      522fc206b55811fa17c3c9bed32ef5fda4b7db5a

    • SHA256

      08dd1fc00287010788ffb60f6732feaf7bb1f0553c4e6362a128e98bc0a78b21

    • SHA512

      0f6fd6b5bc25f9395579df7dfb619b509f8e0045a6479d3bba1a31ac2c2c4f93782a8e47ce656e376ce7aecbcb18fd8d85c0883d5f6ed308fe49e2a96357a170

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Loads dropped DLL

    • Target

      vibrations/bragged.cmd

    • Size

      238B

    • MD5

      f5d11bc4a13da360c4aa67b5f72f53f2

    • SHA1

      56c23487a6d6980e2c82fd031f89c0f2a068991e

    • SHA256

      9f3fa14e14e26d51278933ce2176ada142c75d423591b8a036b16946bf6e0b8e

    • SHA512

      de128e9eef893fef7af3afb0aa5c56c14e33f907a60bcd9f1e90681f7642932cfcc988655244dc49e30b88ee7611b2d14c99f6a95954bdd7f2114ec9e8562bdf

    • Score

      1/10

    • Target

      vibrations/disjunctor.exe

    • Size

      1.6MB

    • MD5

      018796d4670ac12865be2f00382bbc8e

    • SHA1

      8564027153dca487eca613345ab3b2de0add4f26

    • SHA256

      22d1471ed17c681aa5580c59712005e1c70ef9c306cbcad245a64f7dfae47847

    • SHA512

      4edac00e0d19b439c300328bf4f7abc98cadfce0d7f4283f1c6278bec24d0ed7c2e51090a2e584a7a2a2e645e396a890d9589fe3f660fa73fc238a09d827bc7b

    • SSDEEP

      24576:qN2PGK9rDuNMZD22lHNFVntTX25fHSMv0UskeuzQU2z6IdcL6UCUK:qN2P39PuNYvlHTX2EMuZuzJ2z6nzK

    • Score

      1/10

MITRE ATT&CK Enterprise v6

Tasks