General

  • Target

    5q4psw.msi

  • Size

    496KB

  • Sample

    230530-zj95psca5x

  • MD5

    e35727b10193fe55df216a1f9d166997

  • SHA1

    9ddafa77fc9fdea0085e41aa0f3a1ee0d15d9c8a

  • SHA256

    696156d9a4117cba652b18b012db376fddfbd7db8b26a638c760d61b98d3590d

  • SHA512

    2bba74b0b7f5ee8509310030bb45def13b87394e55edf8d0e51595d6cc669f4b2c7497d95331c09c9f7b453f3c9acdeb03e41cd5e5dc14f9ecb9dd9f79d7ad8d

  • SSDEEP

    12288:wn+NgINNEcfjVRMigNFoILI8KviLjvhAol71Q:wnX9gjVRMDqH8fL154

Malware Config

Extracted

  • Family

    qakbot

  • Version

    404.1320

  • Botnet

    obama265

  • Campaign

    1685436052

  • C2

Targets

    • Target

      5q4psw.msi

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
