General

  • Target:  111112.zip
  • Size:    249KB
  • Sample:  201126-rdkek299yj
  • MD5:     47c30f83c25c59d0e70e164cf98ade06
  • SHA1:    8b40ad88cbe8ba43ddb53a1e4008435b58dc8dfd
  • SHA256:  27444feded72224aff37a7fe95cfb7c9f7bde33b14099eabc4a2bf5ebb5b56aa
  • SHA512:  5929fec68858cf1c2a87f444adf0e019269b9411d2541acda0da6bfe608a3516947bb0d38aa745066859d301a3064d603cac88cbd9855ef00fb04453786f3472

Malware Config

Extracted

  • Family:   qakbot
  • Botnet:   abc101
  • Campaign: 1606331967 (Unix epoch seconds = 2020-11-25 19:19:27 UTC, consistent with the sample ID prefix 201126)
  • C2 (IP:port; 20 entries: 13 on 443, 4 on 995, 3 on 2222):

      76.104.230.174:443
      187.227.86.129:995
      219.255.28.241:443
      78.184.6.94:443
      95.159.45.82:443
      91.228.36.95:443
      79.115.215.125:443
      24.244.161.36:443
      24.71.28.247:443
      73.239.229.107:995
      187.153.119.36:443
      190.75.167.44:2222
      83.110.111.159:443
      174.76.21.134:443
      75.109.180.221:443
      85.122.141.42:995
      156.222.6.246:995
      188.24.183.193:443
      88.106.237.152:2222
      79.166.83.103:2222
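The extracted config is only useful once it is turned into something an analyst can check and a sensor can match on. The following is an added example, not part of the sandbox report or of any analysis tool: it decodes the campaign value as a Unix timestamp, validates each C2 entry before it can reach a blocklist, summarises the ports in use, and emits one Suricata rule per endpoint. The botnet ID, campaign value and C2 list are copied from the report above; the Suricata SID base (9000000) and the rule message text are assumptions chosen for illustration.

```python
"""Turn the extracted Qakbot config above into checkable IOCs and detections.

Added example; this is not part of the sandbox report or of any analysis
tool. BOTNET, CAMPAIGN and C2_RAW are copied from the report. The Suricata
SID base (9000000) and the rule message wording are assumptions.
"""
import ipaddress
from collections import Counter
from datetime import datetime, timezone

BOTNET = "abc101"
CAMPAIGN = 1606331967  # copied from the report; a Unix epoch timestamp

# Constructed from the report's C2 list, in the order the report gives it.
C2_RAW = [
    "76.104.230.174:443", "187.227.86.129:995", "219.255.28.241:443",
    "78.184.6.94:443", "95.159.45.82:443", "91.228.36.95:443",
    "79.115.215.125:443", "24.244.161.36:443", "24.71.28.247:443",
    "73.239.229.107:995", "187.153.119.36:443", "190.75.167.44:2222",
    "83.110.111.159:443", "174.76.21.134:443", "75.109.180.221:443",
    "85.122.141.42:995", "156.222.6.246:995", "188.24.183.193:443",
    "88.106.237.152:2222", "79.166.83.103:2222",
]


def campaign_datetime(campaign: int) -> datetime:
    """Qakbot 'campaign' values are Unix epoch seconds; decode to UTC."""
    return datetime.fromtimestamp(campaign, tz=timezone.utc)


def parse_c2(entries):
    """Parse 'ip:port' strings into (ip, port) pairs.

    Rejects anything that is not a globally routable IPv4 address with a
    valid port, so a mangled or private entry cannot slip into a blocklist.
    """
    pairs = []
    for entry in entries:
        host, sep, port_text = entry.rpartition(":")
        if not sep:
            raise ValueError(f"no port in C2 entry: {entry!r}")
        ip = ipaddress.ip_address(host)  # raises ValueError on junk
        if ip.version != 4 or not ip.is_global:
            raise ValueError(f"not a global IPv4 address: {entry!r}")
        port = int(port_text)
        if not 1 <= port <= 65535:
            raise ValueError(f"bad port in C2 entry: {entry!r}")
        pairs.append((str(ip), port))
    return pairs


def port_histogram(pairs):
    """Count C2 entries per port (this config uses 443, 995 and 2222)."""
    return Counter(port for _, port in pairs)


def blocklist(pairs):
    """Unique C2 IPs, sorted numerically, for a perimeter deny list."""
    return sorted({ip for ip, _ in pairs}, key=ipaddress.IPv4Address)


def suricata_rules(pairs, botnet=BOTNET, sid_base=9000000):
    """One Suricata rule per C2 endpoint, matching outbound from $HOME_NET.

    sid_base is an assumed local SID range; pick one that does not collide
    with rule sets you already load.
    """
    rules = []
    for i, (ip, port) in enumerate(pairs):
        rules.append(
            f'alert tcp $HOME_NET any -> {ip} {port} '
            f'(msg:"Qakbot {botnet} C2 connection attempt"; '
            f'flow:to_server; sid:{sid_base + i}; rev:1;)'
        )
    return rules


if __name__ == "__main__":
    pairs = parse_c2(C2_RAW)
    print("campaign:", campaign_datetime(CAMPAIGN).isoformat())
    print("ports:", dict(port_histogram(pairs)))
    print("blocklist:", blocklist(pairs))
    print("\n".join(suricata_rules(pairs)))
```

Treat the resulting rules and blocklist as dated indicators tied to this campaign value: IP-based Qakbot C2 lists change from build to build, so the decoded campaign timestamp is the right thing to record next to them when you load them into a sensor.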

Targets

    • Target:  111112.jpg
    • Size:    2.9MB
    • MD5:     008dbbd90f4850bd5100ec7f7a44a718
    • SHA1:    f40f99bab58d681f265cf1b6622cc087264c422c
    • SHA256:  aed677ba2f94ebf7b7b9b5df50f06f91764e0e040a546bc008bc808cd9b7fd81
    • SHA512:  6c02754f06976fda1dd2f24f1cd01e5156a184b1e1f65eef8010ebfade031960ff0ca203bcf7acc2ee45d04490a62366c59385e2c908d5a18204a3c12887d1ca

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic                Technique                     Count  ID
  Execution             Scheduled Task                1      T1053
  Execution             Command-Line Interface        1      T1059
  Persistence           Scheduled Task                1      T1053
  Privilege Escalation  Scheduled Task                1      T1053
  Defense Evasion       Modify Registry               1      T1112
  Discovery             Query Registry                1      T1012
  Discovery             Peripheral Device Discovery   1      T1120
  Discovery             System Information Discovery  2      T1082

Tasks