General

  • Target

    document-1647499061.xlsb

  • Size

    291KB

  • Sample

    201113-qcw98lzct2

  • MD5

    66683f5c01cbfe5c609d2d0aeacd779d

  • SHA1

    e448ea9b62561e845d7a652f9a454cae88621f58

  • SHA256

    6ce04c06232e8c8b632e68929c6cf1c006b7220e96ab33771c19c6596ca3a82b

  • SHA512

    29fad982221e6e3ea2e3ab9741e8b2fdf92d71822176d1b83c3d3dd32287fdbc0e6eea47e9aabfb818bce51c742e37f1d42f16639fd4d5c75df6420673b35b3d

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://we11wdsgd.com/

rc4.i32

Extracted

Family

qakbot

Botnet

tr01

Campaign

1604997522

C2

