General

  • Target

    ef5bfe3b8887512c769dafa06bf85ebce8a5ad4caef73a9877025b8cabfc0f59

  • Size

    1.2MB

  • Sample

    230830-y1z6dshh71

  • MD5

    1a09f13c4be42e02eb2b686c6931260b

  • SHA1

    0e07d43842f79f390bcdeccf764f03b43b4308b0

  • SHA256

    ef5bfe3b8887512c769dafa06bf85ebce8a5ad4caef73a9877025b8cabfc0f59

  • SHA512

    d3a2a25eb2f4514fe705e04ca7a4d7eb563e0f53db961d62a91eaf362ad39041af0c2728d60faa864a4069feef425de3486133eb32da4413d856729a9d56b489

  • SSDEEP

    12288:VK3pyiZL0yh4loxeCJZFfO1WMJ9e2HUS4z3C4+:V2pyiZLaoxLzkWM2eV4w

Malware Config

Extracted

Family

qakbot

Version

324.142

Botnet

spx135

Campaign

1591627649

C2

89.32.216.156:443

74.222.204.82:443

24.183.39.93:443

97.93.211.17:443

80.14.209.42:2222

96.35.170.82:2222

151.73.124.242:443

98.110.231.63:443

108.227.161.27:995

173.3.132.17:995

31.5.41.52:443

24.122.228.88:443

5.107.208.94:2222

76.185.136.58:443

50.29.166.232:995

73.210.114.187:443

92.114.107.193:995

24.43.22.220:993

50.247.230.33:995

72.142.106.198:465

Targets

    • Target

      ef5bfe3b8887512c769dafa06bf85ebce8a5ad4caef73a9877025b8cabfc0f59

    • Size

      1.2MB

    • MD5

      1a09f13c4be42e02eb2b686c6931260b

    • SHA1

      0e07d43842f79f390bcdeccf764f03b43b4308b0

    • SHA256

      ef5bfe3b8887512c769dafa06bf85ebce8a5ad4caef73a9877025b8cabfc0f59

    • SHA512

      d3a2a25eb2f4514fe705e04ca7a4d7eb563e0f53db961d62a91eaf362ad39041af0c2728d60faa864a4069feef425de3486133eb32da4413d856729a9d56b489

    • SSDEEP

      12288:VK3pyiZL0yh4loxeCJZFfO1WMJ9e2HUS4z3C4+:V2pyiZLaoxLzkWM2eV4w

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

MITRE ATT&CK Enterprise v15

Tasks