General

  • Target

    2SLQK.zip

  • Size

    1.6MB

  • Sample

    230223-vwdj2sgf52

  • MD5

    0354cffeb4be5d89a11d18c30a252f1f

  • SHA1

    d578e0e1336a1c7b7eed30e30d4c78c95885085f

  • SHA256

    b476805c9c60951605cfa1e4afff65d7abf8a87cbda40967240a27bf11581f5e

  • SHA512

    bf2889a6e8e07965d11e8d769eeaea3b45c8cb3cd5dcb94fd8821bbf87d31aeacd25e912d16b55e7403a1edb9256bd0207a851d2eb93613a21bab1247e2aa493

  • SSDEEP

    24576:xzCdb+58qIHIICNsD4IVBT9IALyKBC5TQpLmKBM+m/2/FNUWxt:xzI+bfNscIrycC5T4LmZ+m+HUWD

Malware Config

Extracted

  • Family

    qakbot

  • Version

    404.9

  • Botnet

    BB16

  • Campaign

    1677046917

  • C2

    47.21.51.138:443
    72.80.7.6:50003
    82.127.204.82:2222
    49.175.72.56:443
    201.244.108.183:995
    122.184.143.82:443
    102.156.253.86:443
    74.58.71.237:443
    47.21.51.138:995
    77.86.98.236:443
    71.31.101.183:443
    136.232.184.134:995
    86.225.214.138:2222
    95.242.101.251:995
    109.11.175.42:2222
    90.78.138.217:2222
    184.176.35.223:2222
    35.143.97.145:995
    202.186.177.88:443
    114.79.180.14:995

Attributes

  • salt

    SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

    • Target

      RR.lnk

    • Size

      1KB

    • MD5

      868df57f52ae2747ea09209471d2834d

    • SHA1

      88aec1fdac81cbb3ed26bdaa081198925656cccd

    • SHA256

      879874d944736d21ae4242a98874ead3a6f6a1312eb0bcea2bb6ebe80439b730

    • SHA512

      c7886c9d087250cd07c54ed6474f668f1375439c3fe0a719eb8e9d4b4d908d97a4fea7ef15aa6b01af2827c471c4f9d30c443a9f408f261c8ad88ab73bd6b016

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Target

      vibrations/drowsily.cmd

    • Size

      249B

    • MD5

      e5ef316e80b3d058b98109d2576f6ea7

    • SHA1

      1212645fc1b901049ba3449de2236d9bbad317f7

    • SHA256

      8437edeafeb11ace7bf06c1386269825ece12bfeb7968741dba17af2bd31ca39

    • SHA512

      a6ab5f2e18efde360f09063d7d4a0d6ba458ce67e448282954e7c654f7e01baa1f7c6466c326ff2f215c0027e9f4f2f7d4d91b65bac49024fd0f48f34c49cc57

    • Score

      1/10

    • Target

      vibrations/fragrances.exe

    • Size

      1.6MB

    • MD5

      018796d4670ac12865be2f00382bbc8e

    • SHA1

      8564027153dca487eca613345ab3b2de0add4f26

    • SHA256

      22d1471ed17c681aa5580c59712005e1c70ef9c306cbcad245a64f7dfae47847

    • SHA512

      4edac00e0d19b439c300328bf4f7abc98cadfce0d7f4283f1c6278bec24d0ed7c2e51090a2e584a7a2a2e645e396a890d9589fe3f660fa73fc238a09d827bc7b

    • SSDEEP

      24576:qN2PGK9rDuNMZD22lHNFVntTX25fHSMv0UskeuzQU2z6IdcL6UCUK:qN2P39PuNYvlHTX2EMuZuzJ2z6nzK

    • Score

      1/10

MITRE ATT&CK Enterprise v6

Tasks