General

  • Target

    Malware.zip

  • Size

    464KB

  • Sample

    230505-vyl9zadf2x

  • MD5

    c11a169b860bbf491e0e70de4789b8c3

  • SHA1

    17638e9fd92ed3afe5fac62b0a2e7cf2b2298f98

  • SHA256

    f4802cf836fb00e8a4ea6062b91760c52a61972e1536024bc8d87cc3808cc4c6

  • SHA512

    11ba3bfc4a138d9119875f462725d5cfff682957229ea8d39b86be92c3d9c4a209ec01a6f242ba65a83946c04c8d8a5747e0082189aa6ea5d9a152251188e510

  • SSDEEP

    12288:8aV8+hYJGklb69DDjkHcDmtBedaz5y4enE:8EhwGub6Z3kHcDmtBZz5FSE

Malware Config

Extracted

  • Family

    qakbot

  • Version

    404.1035

  • Botnet

    BB26

  • Campaign

    1683279184

  • C2

Attributes

  • salt

    SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

    • Target

      RunDLL-1.bat

    • Size

      37B

    • MD5

      f2d66627c4d0151ec2faaad5d6a6192a

    • SHA1

      275516472743639d71b09c7ca6f39f03aaebe317

    • SHA256

      4a9aca6d85d853aaea471af748a67e56a187a2cdc31b80a95f222763833e97be

    • SHA512

      aac3b89f1f1c2691ce032f8d5d22685f4d5090bbf684ad128a6c9d0018b793df63d04c6d5bb1b217bd542520b5cf2a0a2b33873e39f99943ad45767063fa297a

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Blocklisted process makes network request

    • Target

      pentaphylax.epopee

    • Size

      904KB

    • MD5

      f7347e5114666cf7da420417092b3987

    • SHA1

      055d1c60dc2b12f0836b77957417e3466a030fa7

    • SHA256

      00fe428195ff6b054f43358959a1dcd8198747ff310c59c40a37d264ebeddfa1

    • SHA512

      84482d2a78a4cee6295f737951f3b9ad480e235b77e4f06332a8378530e84a47197f2b0ecc5c5bded7a268bd7d49c398f850b57c76e804e777ccebad734d9556

    • SSDEEP

      24576:xHA2XMYABs772W/8vLj/9sgR+OVnh8gt42vCkzeztwPOfQWyBZPPdhbBF91Xe95:FMYABC8vLj/2jA8gxZPPdhbBP1O95

    Score
    3/10

MITRE ATT&CK Enterprise v6

Tasks