General

  • Target

    CalculationOfCosts-1140986746.js

  • Size

    464KB

  • Sample

    230615-agbfxseb8w

  • MD5

    6b92acca71e654528fc63beb184436a3

  • SHA1

    ddc7c7e027a956c826ad6a782da604fbb22c1840

  • SHA256

    3ab8a4eeadb73f0d3abb9603bdfbbe43adffd03c8eb557b104284430f18b91f7

  • SHA512

    e017502d86358cf4da9a58cd732694d1386a3dd9134d82b22689a54d9c1b579d82fa730287d6780a6f654a6f5d80edfa62e4043f2adffbe9e12f4eeb41747fc0

  • SSDEEP

    6144:LmFamddP19SiU+g9ITla9MGNs9yec26VZU6BboaI7CRY7kkh1:oLU3+gPZUW0V

Malware Config

Extracted

Family

qakbot

Version

404.1374

Botnet

obama268

Campaign

1686733312

C2

Targets

    • Target

      CalculationOfCosts-1140986746.js

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL
