General

  • Target

    ab8ef3423324168d06b2d122f75ca130.bin

  • Size

    477KB

  • Sample

    230601-b2bg4abh84

  • MD5

    e7488fad9e2daa0c5519898a13bf82f3

  • SHA1

    528f25784debf71fb5f3025cf1f43b341aa87915

  • SHA256

    6bb1391c0f0d353ed1265459816bd7f6a0f7189df50e6cb80c2ce78faad2f836

  • SHA512

    33a2f935688e495f9e14e9967d89b04e52dda6bb6e5af89b33fbcb7361aa6e7f2196afcbacfe80faea801c5197ef5f9bd981f79c1c7a73f1c7b60af43f3cd621

  • SSDEEP

    12288:zHpajZMYLEcwL88ssAohPiriqtCv5qfADk:rpaRLEHPxdqXgk

Malware Config

Extracted

Family

qakbot

Version

404.1320

Botnet

BB30

Campaign

1685433861 (Unix epoch timestamp: 2023-05-30 08:04:21 UTC)

C2

12.172.173.82:50001

178.175.187.254:443

65.95.141.84:2222

205.237.67.69:995

83.110.223.61:443

193.253.100.236:2222

27.0.48.233:443

102.159.188.125:443

71.38.155.217:443

58.186.75.42:443

76.178.148.107:2222

70.28.50.223:2087

114.143.176.236:443

51.14.29.227:2222

59.28.84.65:443

173.88.135.179:443

103.144.201.56:2078

96.87.28.170:2222

105.186.128.181:995

176.142.207.63:443
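The extracted configuration above is the part of this report a SOC actually acts on: the botnet tag identifies the affiliate campaign, the campaign value is a Unix epoch timestamp, and each C2 entry is an IP:port pair. The following Python is an added example (not part of the original report or of any sandbox's code) that parses that block, validates the C2 entries, renders the campaign timestamp as UTC, summarises the ports in use, and emits one Suricata alert per C2 pair. The configuration text is copied from the report; the Suricata sid range is an assumed local value.

```python
import re
from datetime import datetime, timezone

# Constructed sample input: the "Malware Config / Extracted" block from the
# report above, copied verbatim (headings followed by their values).
CONFIG_TEXT = """\
Family
qakbot
Version
404.1320
Botnet
BB30
Campaign
1685433861
C2
12.172.173.82:50001
178.175.187.254:443
65.95.141.84:2222
205.237.67.69:995
83.110.223.61:443
193.253.100.236:2222
27.0.48.233:443
102.159.188.125:443
71.38.155.217:443
58.186.75.42:443
76.178.148.107:2222
70.28.50.223:2087
114.143.176.236:443
51.14.29.227:2222
59.28.84.65:443
173.88.135.179:443
103.144.201.56:2078
96.87.28.170:2222
105.186.128.181:995
176.142.207.63:443
"""

FIELDS = ("Family", "Version", "Botnet", "Campaign", "C2")
C2_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})$")


def parse_config(text):
    """Turn the heading/value layout into a dict; C2 becomes a list of (ip, port)."""
    cfg = {"c2": []}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in FIELDS:
            current = line.lower()
            continue
        if current == "c2":
            m = C2_RE.match(line)
            if not m:
                raise ValueError(f"malformed C2 entry: {line!r}")
            ip, port = m.group(1), int(m.group(2))
            if any(int(o) > 255 for o in ip.split(".")) or not 0 < port < 65536:
                raise ValueError(f"out-of-range C2 entry: {line!r}")
            cfg["c2"].append((ip, port))
        elif current == "campaign":
            cfg[current] = int(line)
        elif current is not None:
            cfg[current] = line
    return cfg


def campaign_utc(ts):
    """Qakbot's campaign id is a Unix epoch timestamp; render it as UTC ISO-8601."""
    return datetime.fromtimestamp(ts, tz=timezone.utc).isoformat()


def ports_histogram(c2):
    """Count C2 entries per port; useful when deciding which egress rules to write."""
    hist = {}
    for _, port in c2:
        hist[port] = hist.get(port, 0) + 1
    return hist


def suricata_rules(cfg, sid_base=9000000):
    """Emit one alert per C2 pair. The sid range is an assumed local value."""
    rules = []
    for i, (ip, port) in enumerate(cfg["c2"]):
        msg = f"Qakbot {cfg['botnet']} C2 {ip}:{port}"
        rules.append(
            f'alert tcp $HOME_NET any -> {ip} {port} (msg:"{msg}"; '
            f"flow:to_server; sid:{sid_base + i}; rev:1;)"
        )
    return rules


if __name__ == "__main__":
    cfg = parse_config(CONFIG_TEXT)
    print(cfg["family"], cfg["version"], cfg["botnet"], campaign_utc(cfg["campaign"]))
    print(ports_histogram(cfg["c2"]))
    print("\n".join(suricata_rules(cfg)))
```

Half of the C2 entries use 443, which an egress allow-list will not block on port alone, so the per-IP rules matter more than a port filter; the non-standard ports (2222, 995, 2078, 2087, 50001) are the ones worth alerting on at the perimeter regardless of destination.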

Targets

    • Target

      4e70da2d2efc833eb5c450c9f82aaa7d433e31e39dc4ec36ca3c5ddde0f4dc00.msi

    • Size

      504KB

    • MD5

      ab8ef3423324168d06b2d122f75ca130

    • SHA1

      a7e273ddd7cdf303e366cba16abfd4c3966f2cf6

    • SHA256

      4e70da2d2efc833eb5c450c9f82aaa7d433e31e39dc4ec36ca3c5ddde0f4dc00

    • SHA512

      8aada720840a74a361d92db1174d3ae8119ff2f70903a396bc0ae60acfdfdf5d7fb781315b155f0b507b7b260a3f4ff8435dc9ba13e05f1547f2abea0c7da220

    • SSDEEP

      6144:jESkw7402pCiyBH6DlIxtWb9jOyHLmsjzcGet8Rghs0O892YptgrGzjkacDO+cDb:3kdiMHHLmKzQ8tfacDO+wVydjSavjQ

    • Qakbot/Qbot

      Qbot (Qakbot) is a banking trojan and modular loader with worm-like spreading capabilities; this signature fires on the extracted Qakbot configuration.

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v6

Tasks