General

  • Target

    Dichromate.We

  • Size

    436KB

  • Sample

    230516-m5hlcshd9v

  • MD5

    af9e73703dcd0e7d15220e50ddbae040

  • SHA1

    89ebf8a22a7598c3c2944abec632ecc98b5d820c

  • SHA256

    2a67566a8aec9d59a72cb243c7fb719085e209f0489077230f857afa1e8ad7fb

  • SHA512

    24cbfe744339f600538a14a98dd62d9b46c667af0e9a249601731491d01a190a58986a96eab11c449e28fcd080cf7b6156f447dd2b6a09a18846b7a6c78df0aa

  • SSDEEP

    12288:UZcUmGsWdw0HCXs2rdu5B/WAN7rkKFoy1Q4PQX/7r2cEfarryCf82XRf5/HPjek0:sXYa2ywryCf82XRf5Kdo+mmtL

Malware Config

Extracted

  • Family

    qakbot

  • Version

    404.1038

  • Botnet

    BB28

  • Campaign

    1684145503

  • C2


Attributes
  • salt

    SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks