General

  • Target

    j.bin

  • Size

    250KB

  • Sample

    230504-mdm2rsbf54

  • MD5

    d130a0dad5572e8dc5ac86abf34a31af

  • SHA1

    fcd31ef7b3b30dca5fc3878196cfeaa6fbc0d54a

  • SHA256

    3c482bd0519602bcf8187b620726c996e29f167bc30ff651336f2984bad80bef

  • SHA512

    54029fc6461b010423a2962d9fffe9cb0a95b26cc430f4d90ad1b73a073405ef9970a21c112136c748325483981f86388a5a7b5cfe919288847b4a27c1dbbd98

  • SSDEEP

    6144:SsUG4yxNqItF5W9XncaWDAdjaTNc8Qs3Az0tDCFHyHQT3JkYVU0ZIf2Bqp:Ssd4VItpkdjSe0AFHyw+0ZHq

Malware Config

Extracted

Family

qakbot

Version

404.1035

Botnet

BB26

Campaign

1683182516

C2

Attributes
  • salt

    SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Drops file in System32 directory
