General

  • Target

    73472cfc52f2732b933e385ef80b4541191c45c995ce5c42844484c33c9867a3.zip

  • Size

    4.2MB

  • Sample

    240402-l5b8xaea7w

  • MD5

    1dfa459158e1d9b06cb17e2c0e5e89c5

  • SHA1

    9610525bb1d0c6976b9dfaaece83b68686a0a415

  • SHA256

    7ca944aceb280237597a251217a9b5db9f04279fe63b5ab6583f13e15dfc9f46

  • SHA512

    edb6dbce1323087869ee5acf7b74e818951e174ef03981623b2c46dedefac9358dfa00ee82f2c6681443cb004df8091f706742de23a5b456d1370c39089dae10

  • SSDEEP

    98304:Xf9VdyEc0YCFCNtIJxe1gH91BoVAZrKa4W5AqzqZFV0Wg:P9Vnc0YjjAx3TSVkTzzmV0B

Malware Config

Extracted

  • Family

    qakbot

  • Botnet

    tchk08

  • Campaign

    1706710954

  • C2

    31.210.173.10:443
    185.156.172.62:443
    185.113.8.123:443

Attributes
  • camp_date

    2024-01-31 14:22:34 +0000 UTC
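As an added example (not part of the sandbox report, the extractor, or the malware), the following Python turns the configuration shown above into checkable IOCs: it decodes the campaign ID, which Qakbot stores as a Unix timestamp, confirms that it agrees with the extractor's camp_date, validates each C2 entry, and emits one Suricata rule per endpoint. CONFIG is constructed by hand from the values in this report; the rule text, sid range and classtype are this example's own assumptions and need adapting to a local ruleset.

```python
"""Turn the Qakbot configuration extracted above into checkable IOCs.

Added example for this report, not code from the sandbox or from the
malware. CONFIG is constructed by hand from the "Malware Config" block;
the Suricata rule text, sid range and classtype are this example's own
choices and must be adapted to the local ruleset.
"""
import ipaddress
from datetime import datetime, timezone

# Constructed from the report's "Malware Config" block (not parsed from the sample).
CONFIG = {
    "family": "qakbot",
    "botnet": "tchk08",
    "campaign": "1706710954",
    "c2": ["31.210.173.10:443", "185.156.172.62:443", "185.113.8.123:443"],
    "camp_date": "2024-01-31 14:22:34 +0000 UTC",
}


def campaign_to_datetime(campaign: str) -> datetime:
    """Qakbot's campaign ID is a Unix timestamp; decode it as an aware UTC datetime."""
    return datetime.fromtimestamp(int(campaign), tz=timezone.utc)


def parse_camp_date(text: str) -> datetime:
    """Parse the sandbox's 'YYYY-MM-DD HH:MM:SS +0000 UTC' string; the trailing
    ' UTC' duplicates the numeric offset, so it is dropped before parsing."""
    return datetime.strptime(text.removesuffix(" UTC"), "%Y-%m-%d %H:%M:%S %z")


def campaign_matches_camp_date(config: dict) -> bool:
    """Cross-check: the extractor's camp_date must equal the decoded campaign ID."""
    return campaign_to_datetime(config["campaign"]) == parse_camp_date(config["camp_date"])


def parse_c2(entry: str) -> tuple[str, int]:
    """Split 'ip:port' and validate both halves, so a malformed extractor
    value can never turn into a syntactically valid but wrong rule."""
    host, sep, port = entry.rpartition(":")
    if not sep:
        raise ValueError(f"no port in {entry!r}")
    ip = ipaddress.ip_address(host)          # raises ValueError on garbage
    port_num = int(port)
    if not 0 < port_num < 65536:
        raise ValueError(f"bad port in {entry!r}")
    return str(ip), port_num


def suricata_rules(config: dict, sid_base: int = 9000000) -> list[str]:
    """One outbound alert rule per C2 endpoint. The sid range is an assumption;
    family and campaign ride in metadata so hits can be tied back to this report."""
    rules = []
    for i, entry in enumerate(config["c2"]):
        ip, port = parse_c2(entry)
        rules.append(
            f"alert tcp $HOME_NET any -> {ip} {port} "
            f'(msg:"MALWARE Qakbot {config["botnet"]} C2 {ip}:{port}"; '
            f"flow:to_server,established; classtype:trojan-activity; "
            f"metadata:malware_family {config['family']}, campaign {config['campaign']}; "
            f"sid:{sid_base + i}; rev:1;)"
        )
    return rules


if __name__ == "__main__":
    print("campaign ID decodes to", campaign_to_datetime(CONFIG["campaign"]).isoformat())
    print("matches camp_date:", campaign_matches_camp_date(CONFIG))
    for rule in suricata_rules(CONFIG):
        print(rule)
```

Running the block prints 2024-01-31T14:22:34+00:00 for the campaign ID, which is exactly the camp_date the extractor reports, so the two fields are not independent indicators: the date is derived from the ID. The C2 validation matters because a config extractor running on a corrupted or deliberately malformed sample can emit junk strings, and a rule built from junk would either fail to load or match nothing.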

Targets

    • Target

      73472cfc52f2732b933e385ef80b4541191c45c995ce5c42844484c33c9867a3.msi

    • Size

      5.8MB

    • MD5

      483b57478ab379546ae9fbab1c0185fa

    • SHA1

      e76211f214c1bcd7eb4ab21478d11a50c31d5da7

    • SHA256

      73472cfc52f2732b933e385ef80b4541191c45c995ce5c42844484c33c9867a3

    • SHA512

      a06f6a98831454f70413efcb6ca97a96440c07bc65e42a8bbfa6c2a6ae7d5dc666d3b96455acdd98089867b9f5ed0cbd98c69bda1c088eb6f3a6c7d702bcb9c4

    • SSDEEP

      98304:mihTySajXEjCVXrepfrULCZf7ACNQB0zmlwXU8ern7beyN:OjjIzULqpQBv17r3eyN

    • Detect Qakbot Payload

    • Qakbot/Qbot

      Qakbot (Qbot) is a modular banking trojan and loader with worm-like capabilities for spreading across a network.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix (ATT&CK v13)

Discovery
  • Query Registry (T1012): 1
  • Peripheral Device Discovery (T1120): 1
  • System Information Discovery (T1082): 1
