General

  • Target

    createmes.png

  • Size

    358KB

  • Sample

    230515-txkjbaeg5x

  • MD5

    8209f58408dc4a7d9327fd93b6cbc914

  • SHA1

    0adb49d1e1e247b74ef274845b96468b7ff8a383

  • SHA256

    d060cc5579b0afd0d753487431d06dbcc68c085f081f81bf87bcb82519d51de8

  • SHA512

    061b653623f93bcdc2a56aeee234755011b03e78cf48fd1265e7e819874959d2748ba15095fff7210d833e7bc05e26041e597cdb76060995b14369c31b97184b

  • SSDEEP

    6144:C/D0Hb7UDqr1yb1tux77q/Mt12SF7GhUdHMGMIvHQrx77QxxgHb9VnpTBJgXeJ20:gD0Hb7L1yb1tux77q/MW6uIvwN77cgHl

Malware Config

Extracted

Family

qakbot

Version

404.1038

Botnet

BB28

Campaign

1684145503

C2


Attributes
  • salt

    SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

    • Target

      createmes.png

    • Size

      358KB

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks