General

  • Target

    7494dfce601f88205487e074f43c93a5bd8344be421a35d7f9c510e5fb08778b_0a64c3b18f10fa85be3a7e18029d30af1f3cecacc7d20976b1701527e315bcc1.exe

  • Size

    521KB

  • Sample

    240822-gexdyavbml

  • MD5

    4f8f818e636f157d640c8e003630d311

  • SHA1

    2834f4726770237327355e6427fbde23eb4465e1

  • SHA256

    0a64c3b18f10fa85be3a7e18029d30af1f3cecacc7d20976b1701527e315bcc1

  • SHA512

    60c590a35e43453f4d5d062ea14c736f2fbf380cc343411566131441f0b45530fa71d6456007f870a479a60d941a9b56eac48737817d91dd905a2e6a17a49546

  • SSDEEP

    6144:53iGEtpvg9pe3oUADfamC9EGqswger75gYK9KRCv/qn8TW:53mgLbtvswgK75b0o6Snj

Malware Config

Extracted

Family

qakbot

Version

324.142

Botnet

spx131

Campaign

1591077865

C2

73.226.220.56:443

98.148.177.77:443

207.255.161.8:443

72.190.101.70:443

100.38.123.22:443

50.104.186.71:443

67.249.222.14:443

104.235.61.64:443

207.255.161.8:2222

71.197.180.27:443

72.209.191.27:443

64.19.74.29:995

71.209.67.223:2222

98.115.138.61:443

75.87.161.32:995

58.233.220.182:443

68.174.15.223:443

50.244.112.10:443

76.187.8.160:443

173.22.120.11:2222

Targets

    • Target

      7494dfce601f88205487e074f43c93a5bd8344be421a35d7f9c510e5fb08778b_0a64c3b18f10fa85be3a7e18029d30af1f3cecacc7d20976b1701527e315bcc1.exe

    • Size

      521KB

    • MD5

      4f8f818e636f157d640c8e003630d311

    • SHA1

      2834f4726770237327355e6427fbde23eb4465e1

    • SHA256

      0a64c3b18f10fa85be3a7e18029d30af1f3cecacc7d20976b1701527e315bcc1

    • SHA512

      60c590a35e43453f4d5d062ea14c736f2fbf380cc343411566131441f0b45530fa71d6456007f870a479a60d941a9b56eac48737817d91dd905a2e6a17a49546

    • SSDEEP

      6144:53iGEtpvg9pe3oUADfamC9EGqswger75gYK9KRCv/qn8TW:53mgLbtvswgK75b0o6Snj

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

MITRE ATT&CK Enterprise v15

Tasks