General

  • Target

    fda2abd24764809fb36d4d2ee7ab5f6e8c06381fe6d9bb191bde62411c96ba92.zip

  • Size

    678KB

  • Sample

    240928-wm2e7ayenk

  • MD5

    3096c8e2e516f8b1815f783d67276ef3

  • SHA1

    39d75fd303bf75f6baea3eb895bf08d943943a85

  • SHA256

    eae162906764fde991acf700bf008d3417cf9676e42d8a0374e93d0fbe17f34a

  • SHA512

    151d8fcadf020c7d7a2887e4b471a26ee6659353ca2ae9c853f43c6bd0005305237c923da72cb81149e803fda6520cd0a6b6de8514e6278a71a3c21a609579c0

  • SSDEEP

    12288:VIjhwq6ghZF2gkR9NYxIP9DTy9b/Z89RXHdzuU4pUmMpclDZZZhQEFasVvBP:ClwghZFRkDNpDTyRCnIUyUlUdZgaVt

Malware Config

Extracted

Family

qakbot

Botnet

bmw01

Campaign

1706268333

C2

116.202.110.87:443

77.73.39.175:32103

185.156.172.62:443

185.117.90.142:6882

Attributes
  • camp_date

    2024-01-26 11:25:33 +0000 UTC

Targets

    • Target

      fda2abd24764809fb36d4d2ee7ab5f6e8c06381fe6d9bb191bde62411c96ba92.exe

    • Size

      1.3MB

    • MD5

      f9073d4ac3089ecc2c43b73b3818582e

    • SHA1

      38813f19e54d28055b2cc4d7030cf608ca5d4c5a

    • SHA256

      fda2abd24764809fb36d4d2ee7ab5f6e8c06381fe6d9bb191bde62411c96ba92

    • SHA512

      bc52575d876e84c7b9b92590dc9168785021da7ce9c53e81421b307cb6de157be3e88f19aee095b0ecc6bf57f7ed02da0df1198b71ba6c292ec37d3ad50b7d35

    • SSDEEP

      24576:bH4G8P8VYqjxxT6qZk1rFrXc0lLF5HskwGpLFg:cG8P8VcrlcwLXPpL6

    • Detect Qakbot Payload

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks