General

  • Target

    93a98b919aec23411ae62dba8d0d22f939da45dec19db2b4e7293124d8f1507f.zip

  • Size

    1010KB

  • Sample

    240302-xxke4agg26

  • MD5

    2ece7f01b02e6d276391213deda1a4af

  • SHA1

    4e650fb9cb14b5fb2f1f5774159ebe379af8089a

  • SHA256

    39e79ae8d91991013f5d7ea8044ddbdd9c6feb56244c57ca82c0047c78aaff55

  • SHA512

    10e239cbdb445cea3544e6f390d6de76752bb8dcc443eb85c85a572f05ae31da591d4a7be43b2931b9e2241baf48f539bf886dd716259955641aa1bcee87454a

  • SSDEEP

    24576:YouaNN3a5R90JDKq2R2TYU1TxqwqHlL+XWhdtMECYKLJ:Ju7sw2HowqFCWOECr

Malware Config

Extracted

Family

qakbot

Botnet

tchk06

Campaign

1702463600

C2

45.138.74.191:443

65.108.218.24:443

Attributes
  • camp_date

    2023-12-13 10:33:20 +0000 UTC
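The extracted config above is the part of this report that turns directly into network IOCs: the two `ip:port` C2 entries, and a `campaign` value that is a raw Unix epoch which the sandbox decodes into `camp_date`. The Python below is an added example, not part of the report or of any vendor tooling. `CONFIG` repeats the values shown on the page; the validation rules, the Suricata rule layout and the sid range are this example's own choices.

```python
"""Turn the extracted Qakbot config above into reusable network IOCs.

Added example, not part of the sandbox report and not vendor code. CONFIG
repeats the values shown on the page; the functions, the rule layout and the
sid range are this example's own choices.
"""
import ipaddress
from datetime import datetime, timezone

CONFIG = {
    "family": "qakbot",
    "botnet": "tchk06",
    "campaign": 1702463600,          # raw epoch as carried in the sample
    "camp_date": "2023-12-13 10:33:20 +0000 UTC",
    "c2": ["45.138.74.191:443", "65.108.218.24:443"],
}


def campaign_to_utc(epoch: int) -> str:
    """Render a campaign epoch the way the report prints camp_date."""
    return datetime.fromtimestamp(epoch, tz=timezone.utc).strftime(
        "%Y-%m-%d %H:%M:%S +0000 UTC"
    )


def config_is_consistent(config: dict) -> bool:
    """True when the raw campaign value and the decoded camp_date agree."""
    return campaign_to_utc(config["campaign"]) == config["camp_date"]


def is_routable_c2(entry: str) -> bool:
    """Accept only 'ip:port' with a public IPv4 address and a valid port.

    Bracketed IPv6 literals are not handled; Qakbot configs carry IPv4.
    """
    host, sep, port = entry.rpartition(":")
    if not sep or not port.isdigit() or not 1 <= int(port) <= 65535:
        return False
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False
    return not (ip.is_private or ip.is_loopback or ip.is_reserved
                or ip.is_multicast or ip.is_link_local)


def parse_c2(entries):
    """Return (ip, port) tuples for valid entries and drop junk, so a
    corrupt or decoy config field cannot poison a blocklist."""
    out = []
    for entry in entries:
        if is_routable_c2(entry):
            host, _, port = entry.rpartition(":")
            out.append((host, int(port)))
    return out


def suricata_rules(config: dict, base_sid: int = 9000001) -> list:
    """One alert per C2 endpoint, tagged with family/botnet/campaign metadata."""
    rules = []
    for i, (ip, port) in enumerate(parse_c2(config["c2"])):
        rules.append(
            f'alert tcp $HOME_NET any -> {ip} {port} '
            f'(msg:"{config["family"]} {config["botnet"]} C2 connection"; '
            f'flow:to_server; '
            f'metadata:family {config["family"]}, botnet {config["botnet"]}, '
            f'campaign {config["campaign"]}; '
            f'classtype:trojan-activity; sid:{base_sid + i}; rev:1;)'
        )
    return rules


if __name__ == "__main__":
    assert config_is_consistent(CONFIG)
    print("\n".join(suricata_rules(CONFIG)))
```

Running the block prints one rule per C2; the consistency check confirms that `1702463600` really is `2023-12-13 10:33:20 UTC`, which is worth doing before trusting a sandbox's decoded fields in a report of your own.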

Targets

    • Target

      93a98b919aec23411ae62dba8d0d22f939da45dec19db2b4e7293124d8f1507f.msi

    • Size

      1.9MB

    • MD5

      82b8bd90e500fb0bf878d6f430c5abec

    • SHA1

      f004c09428f2f18a145212a9e55eef3615858f9c

    • SHA256

      93a98b919aec23411ae62dba8d0d22f939da45dec19db2b4e7293124d8f1507f

    • SHA512

      82b2e997bf5bc0d08ab8dd921aef3e8d620a61c26f86b6f481845ad694d7b97f65dfa42e1c18b83f0f827cad9df69a409b75d96793e5bd7124c26bc7cb07f881

    • SSDEEP

      49152:Ksjitd+vszAlozTy4g5r8+5eNBABxGNvXreD68f:rihTyfcXreO8f

    • Detect Qakbot Payload

    • Qakbot/Qbot

      Qbot, also known as Qakbot, is a banking trojan and malware loader with worm-like self-propagation capabilities.

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
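The two behavioural signatures above describe what the sandbox observed, not how it decided. The Python below is an added example, not the sandbox's own signature code, that re-creates both decisions over a constructed telemetry sample in a simplified Sysmon-like shape. The process blocklist is an assumption: the report does not say which process it flagged, and msiexec.exe is only the natural guess for an MSI sample.

```python
"""Re-create the two behavioural signatures listed above over constructed
endpoint telemetry.

Added example, not the sandbox's own signature code. EVENTS is a constructed
sample in a simplified Sysmon-like shape; the process blocklist is an
assumption, since the report does not say which process it flagged.
"""
import re
from collections import defaultdict

# Assumed blocklist: installers and script hosts that should not talk to
# the internet on their own. The analysed sample is an MSI, so msiexec.exe
# is the natural candidate, but that is this example's guess.
BLOCKLISTED_IMAGES = {
    "msiexec.exe", "wscript.exe", "cscript.exe",
    "mshta.exe", "regsvr32.exe", "rundll32.exe",
}

# A bare drive root such as "D:\" (case-insensitive letter).
ROOT_PATH = re.compile(r"^([A-Za-z]):\\$")

# Constructed telemetry: a process that probes drive roots and then connects
# to one of the report's C2 addresses, next to benign explorer.exe activity.
EVENTS = [
    {"pid": 4120, "image": "msiexec.exe", "type": "file_read",
     "path": "C:\\Windows\\Installer\\MSI1A2B.tmp"},
    {"pid": 4120, "image": "msiexec.exe", "type": "file_read", "path": "C:\\"},
    {"pid": 4120, "image": "msiexec.exe", "type": "file_read", "path": "D:\\"},
    {"pid": 4120, "image": "msiexec.exe", "type": "file_read", "path": "e:\\"},
    {"pid": 4120, "image": "msiexec.exe", "type": "net_connect",
     "dst": "45.138.74.191:443"},
    {"pid": 880, "image": "explorer.exe", "type": "file_read",
     "path": "D:\\docs\\notes.txt"},
    {"pid": 880, "image": "explorer.exe", "type": "net_connect",
     "dst": "203.0.113.10:443"},  # RFC 5737 documentation address
]


def enumerated_drives(events) -> dict:
    """pid -> set of drive letters (other than C:) whose bare root was read."""
    drives = defaultdict(set)
    for ev in events:
        if ev["type"] != "file_read":
            continue
        m = ROOT_PATH.match(ev["path"])
        if m and m.group(1).upper() != "C":
            drives[ev["pid"]].add(m.group(1).upper())
    return dict(drives)


def blocklisted_network(events) -> list:
    """(pid, image, dst) for every outbound connection from a blocklisted image."""
    return [
        (ev["pid"], ev["image"], ev["dst"])
        for ev in events
        if ev["type"] == "net_connect"
        and ev["image"].lower() in BLOCKLISTED_IMAGES
    ]


def signatures(events) -> list:
    """Names of the report's signatures this telemetry would trigger."""
    hits = set()
    if enumerated_drives(events):
        hits.add("Enumerates connected drives")
    if blocklisted_network(events):
        hits.add("Blocklisted process makes network request")
    return sorted(hits)


if __name__ == "__main__":
    for name in signatures(EVENTS):
        print(name)
```

Only a read of the bare root (`D:\`, not `D:\docs\notes.txt`) counts as drive enumeration, and only a non-C: drive counts, which is exactly the distinction the signature text draws; a file browser opening a document on D: does not trip it.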

MITRE ATT&CK Matrix (ATT&CK v13)

Tactic     Technique                     Signatures  ID
Discovery  Query Registry                2           T1012
Discovery  Peripheral Device Discovery   2           T1120
Discovery  System Information Discovery  2           T1082

Tasks