General

  • Target

    aaa.dll

  • Size

    2.3MB

  • Sample

    230615-mdxwzafh8z

  • MD5

    7ada53924de4e9e245379f3e1252f68d

  • SHA1

    dcad9cd77f5f16fd4121339045cbad32d550ebcb

  • SHA256

    a82012250cc001f02707c6b5beeb6f6f7f42f23d4adc38eb392207cc810ab58d

  • SHA512

    5f77a573c93f559c045e7ccd20e0b69fa90b3c0be7da686cd5bd54aa4e787c2a09846b2575171a6df9cf1887e5da8174a841f36ac6b16efbc6c56ca13efb2d02

  • SSDEEP

    49152:xRLJgZWlcDoNojrSH3pCtAPs0irH6sQg3Pt3gO6t:bJoWeDoHH3pIeUPt356t

Malware Config

Extracted

Family

qakbot

Version

404.1374

Botnet

BB32

Campaign

1686813265

C2

Targets

    • Target

      aaa.dll

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Drops file in System32 directory
