General

  • Target

    msfilter.dll

  • Size

    918KB

  • Sample

    230505-vebn5abe69

  • MD5

    9e4c0432e8b6319ca73156e25ebf9af7

  • SHA1

    aa073fee00b236828f30f4bb93383bda2a21665d

  • SHA256

    5d86471bf31c54cb33f6623b60a384b4d0a783f72ad57724d6f9df250cd9ffc8

  • SHA512

    89b18549bb11fa663dcc0fdc5c92974bdb029760ebbce25f95b3c7ab5cb3f762929a0d525401ff65a2793b9645bff392b3b57ee0d4160cf9452ba7c86373ca2f

  • SSDEEP

    24576:xHA2XMYABs772W/8vLj/9sgR+OVnh8gt42vCkzeztwPOfQWyBZPPdhbBF91Xe9I:FMYABC8vLj/2jA8gxZPPdhbBP1O9I

Malware Config

Extracted

Family

qakbot

Version

404.1035

Botnet

BB26

Campaign

1683279184

C2


Attributes
  • salt

    SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

    • Target

      msfilter.dll


    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Drops file in System32 directory
