General

  • Target

    Electrooptic.vasework

  • Size

    361KB

  • Sample

    230515-rksm2seb8v

  • MD5

    5617e216f11b7f78be096bf0d608111a

  • SHA1

    1cf3500b6329b554dda7cf6d6b48e40bf7687d4b

  • SHA256

    c3154305a7a9afec457a720f8c3300027052efdb0c4bfe6abf967faa3e4eecf0

  • SHA512

    e11eb199cc434b12641f6342a1f4c9ef1d2c94d01219f117e5d79a585e72568b1854734747ed8db2ca9f324a5991b85b9ca85ba8d8f19129921e3f678e2b15a9

  • SSDEEP

    6144:q/D0Hb7UDqr1yb1tux77q/Mt12SF7GhUdHMGMIvtx77QxxgHb9VnpTBJsp3zruNr:4D0Hb7L1yb1tux77q/MW6uIvr77cgHHP

Malware Config

Extracted

  • Family

    qakbot

  • Version

    404.1038

  • Botnet

    BB28

  • Campaign

    1684145503

  • C2

    74.33.196.114:443
    108.190.115.159:443
    47.21.51.138:443
    76.16.49.134:443
    113.11.92.30:443
    98.19.234.243:995
    197.14.208.59:443
    88.126.94.4:50000
    24.69.137.232:2222
    70.28.50.223:32100
    184.176.35.223:2222
    12.172.173.82:50001
    87.202.101.164:50000
    70.28.50.223:2087
    75.109.111.89:443
    86.130.9.227:2222
    12.172.173.82:32101
    70.28.50.223:3389
    80.12.88.148:2222
    174.118.68.176:443

Attributes

  • salt

    SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks