Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    ProjectFunding_450726_Jun01.js

  • Size

    1KB

  • Sample

    230601-s5bqpsfb38

  • MD5

    a657553449746c482dacfe3b19119b7a

  • SHA1

    630b815d443f8f7ef7e4c4c7c100de1cd8a7ed53

  • SHA256

    44e029dd6210c4906a82e1f16dd5ebed434efd225dafb92fc560e6ff6d1ee948

  • SHA512

    dea33536a5c5fe279ca1a8a3d4639be0f49d5ca3c21f4cbbda10c5d059837c2bc4c3917cdbddd0fc9f4a0773f325369b200f0df8e0035da6afab26f09502c321

Malware Config

Extracted

Family

qakbot

Version

404.1346

Botnet

obama266

Campaign

1685611378

C2

24.234.220.88:990

70.28.50.223:2078

96.56.197.26:2083

103.123.223.133:443

83.249.198.100:2222

199.27.66.213:443

90.104.151.37:2222

94.204.202.106:443

72.205.104.134:443

65.95.141.84:2222

82.131.141.209:443

77.126.99.230:443

71.38.155.217:443

205.237.67.69:995

84.215.202.8:443

24.234.220.88:465

76.178.148.107:2222

116.74.163.130:443

70.28.50.223:2087

147.147.30.126:2222

Targets

    • Target

      ProjectFunding_450726_Jun01.js

    • Size

      1KB

    • MD5

      a657553449746c482dacfe3b19119b7a

    • SHA1

      630b815d443f8f7ef7e4c4c7c100de1cd8a7ed53

    • SHA256

      44e029dd6210c4906a82e1f16dd5ebed434efd225dafb92fc560e6ff6d1ee948

    • SHA512

      dea33536a5c5fe279ca1a8a3d4639be0f49d5ca3c21f4cbbda10c5d059837c2bc4c3917cdbddd0fc9f4a0773f325369b200f0df8e0035da6afab26f09502c321

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v6

Tasks