General

  • Target

    church.dat

  • Size

    334KB

  • Sample

    230531-phay4seh43

  • MD5

    0180d7f0e8c6967adb022690ff83edfd

  • SHA1

    767d25fc2c4dabf80c3a440bba76368e758992f5

  • SHA256

    09ed2cf56af8385c87f297c2a4f168efdfc78434b8a42a9122328e775f5f0400

  • SHA512

    0e90871da08aae073a5c9fea4bb7624c97494e4ccae59eadd7e3032aaca4e52251e758631f2613bbbc2cf2d224c399f97733b4ccc2035bbc83f8f6df112d1afd

  • SSDEEP

    6144:ELh9nrxRw13UyU2G8g1QYYZTDt3n2x+Bdv5zsjiBsTYrPlUEYD/QzkRWAFctOp6k:mInTDtXF15zsjiyZ/0tSkStJB/ts

Malware Config

Extracted

Family

qakbot

Version

404.1320

Botnet

BB30

Campaign

1685526716

C2

Targets

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Drops file in System32 directory
