General

  • Target

    7.bin

  • Size

    781KB

  • Sample

    191111-zl9l5y6lp2

  • MD5

    351cd3d696c289fc04c81db02fcf3021

  • SHA1

    991b203803b329a0bbfa7938d9b01f7ecebcdef6

  • SHA256

    2b9ef4a9f47402d171eec28acadf3753cbb33c9bc6ec26d99aa060127a470e95

  • SHA512

    59b069386fc2065f61cd165d8d2d64fc40617410515ad876b2bfbd49c25dc5ff5f39a876074987e51a7fb34ab93718f9d34b42d5c39316239e0bf72e21f714ba

Malware Config

Extracted

  • Family

    qakbot

  • Campaign

    1573023013

  • C2



MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    T1060 Registry Run Keys / Startup Folder (1)

  • Defense Evasion

    T1089 Disabling Security Tools (2)

    T1112 Modify Registry (3)

  • Discovery

    T1018 Remote System Discovery (1)

    T1012 Query Registry (3)

    T1120 Peripheral Device Discovery (1)

    T1082 System Information Discovery (2)

Tasks