General

  • Target

    parachute.dat

  • Size

    362KB

  • Sample

    230601-hzev3ada87

  • MD5

    637a93e696044ba0dc752d4611c83955

  • SHA1

    b34d01c283978871d8370f11c5747c25dd678931

  • SHA256

    9d5a6f8128c1aa59e04a4a32817f505be6fbdce63e5dd70f12706b587790b5a0

  • SHA512

    9b74c6326a8aa72ef3c2af3d8882231d87f7c3300f6214658ae6a92706cba259a90d02eac653618b2ede4f16800392639a89b5bed3d715a3986572e7f2d1d55e

  • SSDEEP

    6144:PLh9nrxRw13UyU2G8g1QYYZTDt3n2x+Bdv5zs7iBsTYrPlUEYD/QzkRWAFctOp6E:TInTDtXF15zs7iyZ/0tUS1CU3BJbwP

Malware Config

Extracted

Family

qakbot

Version

404.1320

Botnet

BB30

Campaign

1685526716

C2

Targets

    • Target

      parachute.dat

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Drops file in System32 directory
