General

  • Target

    2222.dat

  • Size

    899KB

  • Sample

    230505-pyel8sce3t

  • MD5

    276f3f991070a3da6417559e272fa90a

  • SHA1

    cbba7c118260866421f4aabb4c8a01e792f38849

  • SHA256

    5352e202db4220ed8d2dcfa90e2508a5581814d3d02aac81d77a5dc4bc47631a

  • SHA512

    4b94b6a8ed78af79d1bbe7fcc0e6800a948d461d709343bb86a4430455c98cdf12e7cc78ffe646b0c334277608538f9366a0c16b1078cc9298c40467b5236fb5

  • SSDEEP

    24576:sHA2XMYABs772W/8vLc/9sgR+OVnh8gt42vCkzeztwPOfQWy5UuxVFLqs2:UMYABC8vLc/2jA8gpUuxVFLqd

Malware Config

Extracted

Family

qakbot

Version

404.1035

Botnet

obama261

Campaign

1683268508

C2

Attributes
  • salt

    SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

    • Target

      2222.dat

    • Size

      899KB

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Drops file in System32 directory
