General

  • Target

    chocolate.dat

  • Size

    939KB

  • Sample

    230531-fa6ldacg92

  • MD5

    be5d1d733cfe70f3356fe35c0373c9b5

  • SHA1

    e910d525895dbddb10d991489644df3fd03d794d

  • SHA256

    d1c19cd299c89a7e034174bd057d8547bdafd680809299ffb5d7ddf8ca6bd1ae

  • SHA512

    c8eebb813c6de8f1eb1952981820f080ce1bf663d10741db02827c6017908ef54e9e68d5c00c30afc6fe966af12b56010f87a0313a76dbdd47bdfc2d412e7e69

  • SSDEEP

    24576:D7AkdHt+UnNtqbVotX4Dw/9JGCZdBK/+NYouXFPn/yd4d:DZ8RDwlJGoY7Xd

Malware Config

Extracted

Family

qakbot

Version

404.1320

Botnet

BB30

Campaign

1685433861

C2

Targets

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Drops file in System32 directory
