Resubmissions

21-03-2023 19:16

230321-xy85vaef5v 10

20-03-2023 13:11

230320-qe1wssff5y 10

18-03-2023 21:47

230318-1nafbadh22 10

General

  • Target

    62b038f2dc2ab995d036930a2eaa5f2dc67fb0ab884459d3fa6df653eec307e1

  • Size

    337KB

  • Sample

    230321-xy85vaef5v

  • MD5

    1bcb097de905cbe1e9fc9683e1dea036

  • SHA1

    df042b4a2c65a0d761f93baeb8ee4d06fbd33229

  • SHA256

    62b038f2dc2ab995d036930a2eaa5f2dc67fb0ab884459d3fa6df653eec307e1

  • SHA512

    89f6de104a2dd12040492d8836ac1819a4f857c4e6554848b68d5ca51fe7b2bd5d860403954af45a67cad42bc9909ef94fa9175e20580cfe5c6a8d14d2386b29

  • SSDEEP

    6144:BTfmt7eZAPOyKmLrLqGvHr0nNK11G9DMQyaViFwRun:Bbi7/xZrkNK11G9AQyOi6Q

Malware Config

Extracted

Family

qakbot

Version

401.51

Botnet

abc106m

Campaign

1606921461

C2

94.69.242.254:2222

189.140.45.48:995

37.182.244.124:2222

73.136.242.114:443

187.149.126.53:443

189.210.115.207:443

96.27.47.70:2222

185.163.221.77:2222

85.132.36.111:2222

178.87.10.110:443

120.150.218.241:995

68.224.121.148:993

78.101.145.96:61201

47.146.34.236:443

24.95.61.62:443

72.29.181.78:2222

93.113.177.152:443

87.218.53.206:2222

106.51.85.162:443

2.90.33.130:443

Attributes
  • salt

    jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

    • Target

      62b038f2dc2ab995d036930a2eaa5f2dc67fb0ab884459d3fa6df653eec307e1

    • Size

      337KB

    • MD5

      1bcb097de905cbe1e9fc9683e1dea036

    • SHA1

      df042b4a2c65a0d761f93baeb8ee4d06fbd33229

    • SHA256

      62b038f2dc2ab995d036930a2eaa5f2dc67fb0ab884459d3fa6df653eec307e1

    • SHA512

      89f6de104a2dd12040492d8836ac1819a4f857c4e6554848b68d5ca51fe7b2bd5d860403954af45a67cad42bc9909ef94fa9175e20580cfe5c6a8d14d2386b29

    • SSDEEP

      6144:BTfmt7eZAPOyKmLrLqGvHr0nNK11G9DMQyaViFwRun:Bbi7/xZrkNK11G9AQyOi6Q

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • qakbotty

      qakbotty triage.

    • test_1

      big_bla.

    • Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v6

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Tasks