General

  • Target

    665afc8f8b7972f427fe1bd90d263032.bin

  • Size

    469KB

  • Sample

    230601-bszhkacc9y

  • MD5

    e258a5d20b41a4fbc287b7dde0af5d88

  • SHA1

    94766aed86082ea3252d05f5d2ee0363d85bf624

  • SHA256

    eeec43b9c9e56c9dc7557d6765aecfd4ef82a71764d64ff831f67a7555374148

  • SHA512

    f012e62d3302264a9c5d89c84e7a6004e33e5b8a40e819680d6b884bc6302dd2310c4970a3275a788533d50928d2f6fab22aa4b74d238926529fb7055b020d20

  • SSDEEP

    12288:IJCSIHMb0M+cIbkgZ1q8lX3WtPN8QdNESFNCg3rBHVvDDCAZ8qFyw:I4dM+vbkgHq8l2x7dNlX3h7Hgw

Malware Config

Extracted

Family

qakbot

Version

404.1320

Botnet

obama265

Campaign

1685436052 (Unix timestamp: 2023-05-30 08:40:52 UTC)

C2

103.42.86.42:995

174.4.89.3:443

161.142.103.187:995

78.160.146.127:443

84.35.26.14:995

12.172.173.82:20

70.28.50.223:2078

124.149.143.189:2222

70.160.67.203:443

186.64.67.30:443

103.123.223.133:443

94.207.104.225:443

89.114.140.100:443

213.64.33.61:2222

86.176.144.234:2222

72.134.124.16:443

47.34.30.133:443

109.50.149.241:2222

85.104.105.67:443

81.111.108.123:443
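
The extracted config above is only useful once it is turned into something you can check or block. The following Python script is an added example, not part of the sandbox report: it parses the C2 list exactly as printed, rejects entries that would be unsafe in a blocklist (malformed addresses, bad ports, non-routable space), tallies destination ports, decodes the campaign value as a Unix timestamp, and emits one Suricata rule per C2 pair. The IPs, botnet name, campaign value and MSI MD5 are copied from the report; the `sid` range and the rule wording are arbitrary local choices.

```python
"""Turn the Qakbot extracted config above into checkable IOCs.

Constructed example, not part of the sandbox report: the C2 list, botnet
name, campaign value and MSI MD5 are copied from the report; the Suricata
sid range and rule wording are arbitrary local choices.
"""
import ipaddress
from collections import Counter
from datetime import datetime, timezone

FAMILY = "qakbot"
BOTNET = "obama265"
CAMPAIGN = 1685436052                             # "Campaign" value from the report
SAMPLE_MD5 = "665afc8f8b7972f427fe1bd90d263032"   # MD5 of the dropped .msi

# C2 entries exactly as listed in the report's "C2" section.
C2_LINES = """
103.42.86.42:995
174.4.89.3:443
161.142.103.187:995
78.160.146.127:443
84.35.26.14:995
12.172.173.82:20
70.28.50.223:2078
124.149.143.189:2222
70.160.67.203:443
186.64.67.30:443
103.123.223.133:443
94.207.104.225:443
89.114.140.100:443
213.64.33.61:2222
86.176.144.234:2222
72.134.124.16:443
47.34.30.133:443
109.50.149.241:2222
85.104.105.67:443
81.111.108.123:443
""".strip().splitlines()


def parse_c2(lines):
    """Parse 'ip:port' lines into (ip, port) tuples, rejecting anything that
    would be dangerous to push into a blocklist: malformed IPs, bad ports,
    and private/loopback space (which would block your own hosts)."""
    entries = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        host, sep, port_s = line.rpartition(":")
        if not sep:
            raise ValueError(f"no port in C2 entry: {line!r}")
        ip = ipaddress.ip_address(host)  # raises ValueError on malformed IPs
        port = int(port_s)
        if not 1 <= port <= 65535:
            raise ValueError(f"port out of range: {line!r}")
        if not ip.is_global:
            raise ValueError(f"non-routable address in config: {line!r}")
        entries.append((str(ip), port))
    return entries


def port_histogram(entries):
    """Count destination ports. Qakbot C2s mix 443/995/2222 with odd ports
    such as 20 and 2078, so filtering on port alone is not enough."""
    return dict(Counter(port for _, port in entries))


def campaign_time(epoch):
    """The Qakbot campaign value is read as a Unix timestamp (build time)."""
    return datetime.fromtimestamp(epoch, tz=timezone.utc)


def suricata_rules(entries, sid_base=9000000):
    """One outbound-connection alert per C2 pair. sid_base is a placeholder
    in the local-rule range; pick your own to avoid collisions."""
    rules = []
    for i, (ip, port) in enumerate(entries, start=1):
        rules.append(
            f'alert tcp $HOME_NET any -> {ip} {port} '
            f'(msg:"{FAMILY} {BOTNET} C2 {ip}:{port}"; flow:to_server; '
            f'reference:md5,{SAMPLE_MD5}; classtype:trojan-activity; '
            f'sid:{sid_base + i}; rev:1;)'
        )
    return rules


if __name__ == "__main__":
    c2 = parse_c2(C2_LINES)
    print(f"{len(c2)} C2s, campaign cut {campaign_time(CAMPAIGN).isoformat()}")
    print("ports:", port_histogram(c2))
    print("\n".join(suricata_rules(c2)))
```

The port tally is the part worth looking at before deploying anything: eleven of the twenty C2s sit on 443, so a rule keyed only on destination port would be indistinguishable from normal HTTPS, which is why the rules above match on the exact IP:port pair and carry the sample MD5 as a reference for triage.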

Targets

    • Target

      d764436caf7114d880f982d208bd9514a433772dcac851f27c510d1597e26edd.msi

    • Size

      496KB

    • MD5

      665afc8f8b7972f427fe1bd90d263032

    • SHA1

      cc36e48f383750eb9416961b52ee3100b6e30688

    • SHA256

      d764436caf7114d880f982d208bd9514a433772dcac851f27c510d1597e26edd

    • SHA512

      d30110dc240790a1f0c15df31069d361f80df327c258dd3305e70eb9ee3814c285ab6290e88e4072b375f7dac3d183d22aba29cb94fdd7db937c4399c18ad37e

    • SSDEEP

      12288:vn+NgINNEcfjVRMigNFoILI8KviLjvhAN+S0w3:vnX9gjVRMDqH8fL1+35

    • Qakbot/Qbot

      Qbot (Qakbot) is a modular banking trojan and malware loader with worm-like lateral-movement capabilities.

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v6

Tasks