General

  • Target

    66bd4ee25df0e3dd99a0c1839afb5699f52667a2feeaa4091cc8eb18543fbc67

  • Size

    131KB

  • Sample

    230612-wrdvpadc43

  • MD5

    c46fef76655df08967c3056cdbc67c15

  • SHA1

    5724e8f56359ef60b146a99c978224ddcbdb6b81

  • SHA256

    66bd4ee25df0e3dd99a0c1839afb5699f52667a2feeaa4091cc8eb18543fbc67

  • SHA512

    702d51ff95504797ac06d3569a07f8db3fd3835563f26dd11f9bf98b83438d2908a45223d6ecc2a1c11665241bce435836813ed5063612789e9f56996f447056

  • SSDEEP

    3072:hg0KGh5Z8j3EzihlFsUA9QJb4VMHT8TBff5BQ:dKGJGEz+lOB2JEVMHT8TB3bQ

Malware Config

Extracted

Family

qakbot

Version

404.1035

Botnet

obama261

Campaign

1683268508

C2

Attributes
  • salt

    SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

    • Target

      66bd4ee25df0e3dd99a0c1839afb5699f52667a2feeaa4091cc8eb18543fbc67

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Blocklisted process makes network request
