General

  • Target

    98cda311879120391aca6e5e7b01e938e135013c53c43ae85cf594cd15eda9d2

  • Size

    1.0MB

  • Sample

    240226-dj115sbb76

  • MD5

    edd6483f2fd1816c6033204f1867b1d0

  • SHA1

    3771e01d917edadf6d22871a0b00dff99f1b1cb9

  • SHA256

    98cda311879120391aca6e5e7b01e938e135013c53c43ae85cf594cd15eda9d2

  • SHA512

    062231bc1d9172df758e2c89e7e1d91c22daa916d685830806c73559a1a58e2a0658e5413c0e183994bc5a6f1df3a6077a8e990a2bd7565a659d4cf693c90f72

  • SSDEEP

    12288:KVbaHbD19/nXEx5xuzi6AoS5qt4cW+EEFsfZdGvvOWTbH:KZ+bh9cTottW+jKZI3OWTL

Malware Config

Extracted

Family

qakbot

Version

325.43

Botnet

abc004

Campaign

1600240826

C2

96.227.127.13:443

98.22.65.76:443

67.165.206.193:993

50.244.112.10:995

72.204.242.138:465

72.36.59.46:2222

68.174.15.223:443

69.11.247.242:443

75.81.25.223:443

95.77.223.148:443

47.146.32.175:443

50.232.172.114:443

24.231.54.185:2222

184.180.157.203:2222

190.31.192.182:443

84.47.220.117:995

96.18.240.158:443

117.199.14.80:443

184.97.148.2:443

207.255.161.8:993

Targets

    • Target

      98cda311879120391aca6e5e7b01e938e135013c53c43ae85cf594cd15eda9d2

    • Size

      1.0MB

    • MD5

      edd6483f2fd1816c6033204f1867b1d0

    • SHA1

      3771e01d917edadf6d22871a0b00dff99f1b1cb9

    • SHA256

      98cda311879120391aca6e5e7b01e938e135013c53c43ae85cf594cd15eda9d2

    • SHA512

      062231bc1d9172df758e2c89e7e1d91c22daa916d685830806c73559a1a58e2a0658e5413c0e183994bc5a6f1df3a6077a8e990a2bd7565a659d4cf693c90f72

    • SSDEEP

      12288:KVbaHbD19/nXEx5xuzi6AoS5qt4cW+EEFsfZdGvvOWTbH:KZ+bh9cTottW+jKZI3OWTL

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

MITRE ATT&CK Matrix ATT&CK v13

Discovery

Query Registry

2
T1012

System Information Discovery

3
T1082

Peripheral Device Discovery

1
T1120

Remote System Discovery

1
T1018

Tasks