General

  • Target

    e35727b10193fe55df216a1f9d166997.bin

  • Size

    469KB

  • Sample

    230601-b86ltacd7s

  • MD5

    6d099138bca6d563a18d7ad4e3a52dbc

  • SHA1

    4450166a7ac725c1ed80a79ce744e2aa2bb9971d

  • SHA256

    614c0d45e6384c2dc41e4003d86b6ef22cac5963756b5b07214d5399e7173d4c

  • SHA512

    2263e8b6d8554c8f96fdc55272b918bf8716a7a7499e47f52cd536483e02c0f6dcdc248118d737c8f1d5c05002109f60d029c8cea7956901fc54b09a3e2b6e3f

  • SSDEEP

    12288:N+Uu0ua/Z6REVC/vEFe2cKmpw+R22MUn8maHZyJ9Mrog:gg/Z6RrXEFFcvm3HUnvdJ9Fg

Malware Config

Extracted

Family

qakbot

Version

404.1320

Botnet

obama265

Campaign

1685436052

C2

103.42.86.42:995

174.4.89.3:443

161.142.103.187:995

78.160.146.127:443

84.35.26.14:995

12.172.173.82:20

70.28.50.223:2078

124.149.143.189:2222

70.160.67.203:443

186.64.67.30:443

103.123.223.133:443

94.207.104.225:443

89.114.140.100:443

213.64.33.61:2222

86.176.144.234:2222

72.134.124.16:443

47.34.30.133:443

109.50.149.241:2222

85.104.105.67:443

81.111.108.123:443
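The extracted configuration above is the actionable part of this report: the botnet label, the campaign timestamp and twenty C2 sockets. The script below is an added example, not part of the sandbox report or its export formats; it parses the block exactly as the page lists it, reads the Campaign value as a Unix epoch (an assumption, but the decoded date of 2023-05-30 lines up with the 230601 sample ID), rejects malformed entries, and emits one Suricata rule per C2 socket. The SID range is hypothetical.

```python
"""Parse the extracted Qakbot config from this sandbox report into IOCs.

Added example (not part of the sandbox report or its export formats). The
config text below is copied from the page; the rule layout, the SID range
and the reading of "Campaign" as a Unix epoch are this script's assumptions.
"""
import ipaddress
import re
from collections import Counter
from datetime import datetime, timezone

# Constructed input: the "Extracted" block of the report, one key line
# followed by its value line(s), exactly as the page lists it.
REPORT = """\
Family
qakbot
Version
404.1320
Botnet
obama265
Campaign
1685436052
C2
103.42.86.42:995
174.4.89.3:443
161.142.103.187:995
78.160.146.127:443
84.35.26.14:995
12.172.173.82:20
70.28.50.223:2078
124.149.143.189:2222
70.160.67.203:443
186.64.67.30:443
103.123.223.133:443
94.207.104.225:443
89.114.140.100:443
213.64.33.61:2222
86.176.144.234:2222
72.134.124.16:443
47.34.30.133:443
109.50.149.241:2222
85.104.105.67:443
81.111.108.123:443
"""

KEYS = ("Family", "Version", "Botnet", "Campaign", "C2")
C2_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})$")


def parse_config(text):
    """Return a dict with family/version/botnet/campaign, campaign_utc and c2 = [(ip, port), ...]."""
    cfg = {"c2": []}
    seen = set()
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in KEYS:
            key = line.lower()
            continue
        if key == "c2":
            m = C2_RE.match(line)
            if not m:
                raise ValueError(f"unexpected C2 entry: {line!r}")
            ip, port = m.group(1), int(m.group(2))
            ipaddress.ip_address(ip)          # rejects octets above 255
            if not 1 <= port <= 65535:
                raise ValueError(f"bad port in {line!r}")
            if (ip, port) not in seen:        # keep report order, drop repeats
                seen.add((ip, port))
                cfg["c2"].append((ip, port))
        elif key:
            cfg[key] = line
    # Assumption: Campaign is a Unix timestamp in seconds (UTC).
    cfg["campaign_utc"] = datetime.fromtimestamp(int(cfg["campaign"]), tz=timezone.utc)
    return cfg


def port_histogram(cfg):
    """Count C2 entries per destination port; the non-443 ports are the easy outliers to hunt."""
    return Counter(port for _, port in cfg["c2"])


def suricata_rules(cfg, sid_base=9000001):
    """One alert rule per C2 socket. sid_base is a hypothetical range; fit it to your ruleset."""
    msg = f"Qakbot {cfg['botnet']} C2"
    return [
        f'alert tcp $HOME_NET any -> {ip} {port} (msg:"{msg} {ip}:{port}"; '
        f'flow:to_server; sid:{sid_base + i}; rev:1;)'
        for i, (ip, port) in enumerate(cfg["c2"])
    ]


if __name__ == "__main__":
    cfg = parse_config(REPORT)
    print(cfg["family"], cfg["version"], cfg["botnet"], cfg["campaign_utc"].isoformat())
    print(dict(port_histogram(cfg)))
    print("\n".join(suricata_rules(cfg)))
```

Rules keyed on bare IP:port pairs age quickly, since Qakbot C2 nodes are largely compromised residential hosts that rotate; treat the output as a short-lived blocklist and pair it with the port histogram (most entries on 443, with 995, 2222, 2078 and 20 as outliers) when hunting in proxy or NetFlow data.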

Targets

    • Target

      696156d9a4117cba652b18b012db376fddfbd7db8b26a638c760d61b98d3590d.msi

    • Size

      496KB

    • MD5

      e35727b10193fe55df216a1f9d166997

    • SHA1

      9ddafa77fc9fdea0085e41aa0f3a1ee0d15d9c8a

    • SHA256

      696156d9a4117cba652b18b012db376fddfbd7db8b26a638c760d61b98d3590d

    • SHA512

      2bba74b0b7f5ee8509310030bb45def13b87394e55edf8d0e51595d6cc669f4b2c7497d95331c09c9f7b453f3c9acdeb03e41cd5e5dc14f9ecb9dd9f79d7ad8d

    • SSDEEP

      12288:wn+NgINNEcfjVRMigNFoILI8KviLjvhAol71Q:wnX9gjVRMDqH8fL154

    • Qakbot/Qbot

      Qbot, also known as Qakbot, is a modular banking trojan and malware loader with worm-like spreading capabilities.

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v6

Tasks