General

  • Target

    ProjectFunding_477443_Jun01.js

  • Size

    1KB

  • Sample

    230601-t5svnaff7y

  • MD5

    6eec3609ad79c0b5efd01946dbf1f90d

  • SHA1

    f59d16c3aaf41e61fc39fad32d315eaf438df6d3

  • SHA256

    d2e421d6f0d2b40181cd19075284df13bbdbab7db7c79cbec45cd5ae3304bb4f

  • SHA512

    7b8f9861ba7baa173fbacd222b95938490cefd19aee7553629133483adcb12764e0a8c233e06e9bf55c754bc12b017ed5f904ccbf6d0bf290e68dc00b46fb0d5

Malware Config

Extracted

  • Family

    qakbot

  • Version

    404.1346

  • Botnet

    obama266

  • Campaign

    1685611378

  • C2


Targets

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v6

Tasks