General

  • Target

    Malware-1.zip

  • Size

    464KB

  • Sample

    230505-x56nasbd21

  • MD5

    8bfe9f5b7dfe730fb4a8ba7d66d0e0a3

  • SHA1

    3bb27b6d2e5b3e1a7dcecd4e6e68e0639b063992

  • SHA256

    dfc920de7e9fd8a1f186353f4477698f4ef985d9137b78ddb15a9365b4ddbb12

  • SHA512

    36c19c697f1dca8e29475903f6b9d6ce8e40cb71cf843eee6ea0a37d21276c9f525347fd04582381a371745220a0e2f00143d901fc2122ef4c31b73d9da053b6

  • SSDEEP

    12288:vaV8+hYJGklb69DDjkHcDmtBedaz5y49y:vEhwGub6Z3kHcDmtBZz5Fk

Malware Config

Extracted

Family

qakbot

Version

404.1035

Botnet

BB26

Campaign

1683279184 (Unix timestamp: 2023-05-05 09:33:04 UTC, matching the sample date)

C2

27.109.19.90:2078

109.56.235.133:443

92.20.204.198:2222

98.145.23.67:443

50.68.204.71:995

151.55.186.41:443

12.172.173.82:21

70.28.50.223:3389

94.59.122.53:2222

12.172.173.82:32101

24.206.27.39:443

91.169.12.198:32100

12.172.173.82:993

2.82.8.80:443

104.35.24.154:443

5.30.216.183:443

50.68.204.71:443

12.172.173.82:995

103.140.174.20:2222

173.88.135.179:443

Attributes

  • salt

    SoNuce]ugdiB3c[doMuce2s81*uXmcvP
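The extracted config above is only useful once it is turned into something a detection team can run. The script below is an added example written for this page, not part of the sandbox report or of any Qakbot tooling: it parses the C2 list exactly as listed above, decodes the campaign value as the Unix timestamp it is, flags connections in a firewall export to a listed C2 (exact ip:port, and same host on an unlisted port, since the compromised proxy host is the indicator regardless of port), and emits Suricata rules for each endpoint. The firewall log lines and their key=value layout are constructed for illustration, and the sid range 9000000+ is an assumed local range; adjust both to your environment.

```python
"""Operationalise the Qakbot config extracted in the report above.

Added example, not part of the sandbox report. C2 endpoints, botnet and
campaign values are copied from the report; log lines are constructed.
"""
import ipaddress
import re
from datetime import datetime, timezone

BOTNET = "BB26"
CAMPAIGN = 1683279184

# C2 list exactly as extracted in the report (one ip:port per line).
C2_REPORT = """
27.109.19.90:2078
109.56.235.133:443
92.20.204.198:2222
98.145.23.67:443
50.68.204.71:995
151.55.186.41:443
12.172.173.82:21
70.28.50.223:3389
94.59.122.53:2222
12.172.173.82:32101
24.206.27.39:443
91.169.12.198:32100
12.172.173.82:993
2.82.8.80:443
104.35.24.154:443
5.30.216.183:443
50.68.204.71:443
12.172.173.82:995
103.140.174.20:2222
173.88.135.179:443
"""


def parse_c2(text):
    """Parse 'ip:port' lines into a set of (ip, port) tuples.

    Malformed lines raise instead of being skipped, so a mangled copy of
    the list cannot quietly produce rules that match nothing.
    """
    endpoints = set()
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        host, sep, port = line.rpartition(":")
        if not sep:
            raise ValueError(f"missing port: {line!r}")
        ip = str(ipaddress.IPv4Address(host))  # raises on garbage
        port = int(port)
        if not 1 <= port <= 65535:
            raise ValueError(f"bad port: {line!r}")
        endpoints.add((ip, port))
    return endpoints


def campaign_time(stamp):
    """Qakbot campaign IDs are Unix timestamps of the config build."""
    return datetime.fromtimestamp(stamp, tz=timezone.utc)


def suricata_rules(endpoints, base_sid=9000000):
    """One Suricata rule per C2 endpoint, in deterministic (ip, port) order.

    base_sid is an assumed local range; choose one reserved for your rules.
    """
    ordered = sorted(endpoints, key=lambda e: (ipaddress.IPv4Address(e[0]), e[1]))
    return [
        f'alert tcp $HOME_NET any -> {ip} {port} '
        f'(msg:"Qakbot {BOTNET} C2 {ip}:{port}"; flow:to_server; '
        f'sid:{base_sid + i}; rev:1;)'
        for i, (ip, port) in enumerate(ordered)
    ]


# Constructed firewall export (key=value fields); NOT from the report.
FIREWALL_LOG = """
2023-05-05T10:02:11Z src=10.1.4.22 dst=12.172.173.82 dport=993 proto=tcp
2023-05-05T10:02:15Z src=10.1.4.22 dst=12.172.173.82 dport=443 proto=tcp
2023-05-05T10:03:40Z src=10.1.4.23 dst=142.250.74.78 dport=443 proto=tcp
2023-05-05T10:04:02Z src=10.1.4.22 dst=70.28.50.223 dport=3389 proto=tcp
"""
LOG_RE = re.compile(r"dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+)")


def match_log(log, endpoints):
    """Return (dst, dport, kind) for each line that reaches a listed C2.

    kind is 'exact' for an ip:port from the config and 'host-only' for the
    same host on a port the config does not list (still worth triage).
    """
    hosts = {ip for ip, _ in endpoints}
    hits = []
    for line in log.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue
        dst, dport = m["dst"], int(m["dport"])
        if (dst, dport) in endpoints:
            hits.append((dst, dport, "exact"))
        elif dst in hosts:
            hits.append((dst, dport, "host-only"))
    return hits


if __name__ == "__main__":
    c2 = parse_c2(C2_REPORT)
    print("campaign built:", campaign_time(CAMPAIGN).isoformat())
    for hit in match_log(FIREWALL_LOG, c2):
        print("HIT", hit)
    print("\n".join(suricata_rules(c2)[:3]))
```

Note the non-standard ports (21, 993, 995, 2078, 2222, 3389, 32100, 32101) in the list: Qakbot C2 proxies are typically compromised residential hosts, so matching on the ip:port pair is more specific than the bare IP, but the host-only hits are what catch a config update that rotates ports.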

Targets

    • Target

      Gruellings.englishedDuctal

    • Size

      914KB

    • MD5

      523cc56138abe3130a12aad573771714

    • SHA1

      8daed7acb98e3f055f1bed5a0d355a4a225f4c33

    • SHA256

      c52ba47d8a0aa3ba7829b0880ee17001f1a75b2988434ea8eb8e7a5ea8e5e3d7

    • SHA512

      479968fc5ffacd1f61c6f58ed03e6561bb007c4c8e985b98d20178e12d38b9a05d34e0818be214f56c5b178bc383f52c1b17feb8066952e70c6a79803925f83b

    • SSDEEP

      24576:xHA2XMYABs772W/8vLj/9sgR+OVnh8gt42vCkzeztwPOfQWyBZPPdhbBF91Xe9a:FMYABC8vLj/2jA8gxZPPdhbBP1O9a

    Score
    3/10

    • Target

      RunDLL-1.bat

    • Size

      44B

    • MD5

      f3a42431a41293fa888a61f615b70772

    • SHA1

      0c5db8e1f6d9f04109220c19b90e4fe7bbb931d3

    • SHA256

      66532c454244a439141008a2ffac93f9996a9c565a884c7f47d8a7357964293f

    • SHA512

      ddc9b32109f0be1b895be566820a90a48b4274334d0a4d911adf67347176ce9f05511effd27c8498179f9b2b6d7458e467768dceafe74c557ce3d53bce2ea19b

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated banking trojan with worm-like spreading capabilities.

    • Blocklisted process makes network request

MITRE ATT&CK Enterprise v6

Tasks