General

  • Target: agfINAaJSdj4m12.tmp
  • Size: 332KB
  • Sample: 230503-vg83eafe32
  • MD5: 4e561c4d6883e744d26cc8db8935e8b0
  • SHA1: a84ef304f198e971297dc001cc285b0e2cdd9401
  • SHA256: e06e8f1a93fc063e001a54de629f0a6953d9d2e948e4d6f7b896c115c2e19fab
  • SHA512: 940d531d58fb52e354a871141224ffff4941e4ef166f1a86f491df0c9836184c9d6e50dc073565bd200d2421773254f466f0bf8064ab095ced955588ecd5c87e
  • SSDEEP: 6144:HGttsygB2RWc0sVk5k6A4s9FGMReiD4DmEk5cci4j5zLgSdsW:mttsygB2RWc0sV6k6AbDGSPzqciwpPd

Malware Config

Extracted

  • Family: qakbot
  • Version: 404.1035
  • Botnet: obama260
  • Campaign: 1683106224

C2


Attributes

  • salt: SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets


    • Qakbot/Qbot: Qbot or Qakbot is a sophisticated worm with banking capabilities.
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks