General

  • Target

    0cfd289b41e1849b6678823574bab07b730094bcbab4577ece3e96febe84d4d4

  • Size

    2.2MB

  • Sample

    210114-byk1gq63rs

  • MD5

    c300a4f9d885116a4ebf30250dbda77e

  • SHA1

    921406e91672941b4931b943f4ca8607c929319a

  • SHA256

    0cfd289b41e1849b6678823574bab07b730094bcbab4577ece3e96febe84d4d4

  • SHA512

    fa86df57e987eaf683c212be4357ffc61a021a937457ae13bb32c7816e3eac6f20e77488cd509cb36cba0f601d26b80a57de8be173a34edf496ab3ea6e446dcb

Malware Config

Extracted

  Family:   qakbot
  Botnet:   abc114
  Campaign: 1608129413
  C2:



MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic                  Technique                       Count  ID
  Execution               Scheduled Task                  1      T1053
  Persistence             Scheduled Task                  1      T1053
  Privilege Escalation    Scheduled Task                  1      T1053
  Discovery               Query Registry                  1      T1012
  Discovery               Peripheral Device Discovery     1      T1120
  Discovery               System Information Discovery    1      T1082
