General

  • Target

    0dfa8d04fff81c0abaa91bdd60203a22606be027365967383f3a75cc1fb65c96

  • Size

    957KB

  • Sample

    210219-4ymybqsdkn

  • MD5

    5906b211144bb691aba80030e1aeebc5

  • SHA1

    1912a17b81527a4703093e95e3985780ae73f01d

  • SHA256

    0dfa8d04fff81c0abaa91bdd60203a22606be027365967383f3a75cc1fb65c96

  • SHA512

    ae16d01e5abbc1a609141ea27fc7fdc9bce8bb8e05be714ad1d30eb67c48b69f7144e44c26fa0c2c8964a2f08edc64b655dd25ac1cad2f00f3c05c329c4c7656

Malware Config

Extracted

Family

qakbot

Botnet

tr

Campaign

1613385567

C2


MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution

    Scheduled Task (T1053)

  • Persistence

    Scheduled Task (T1053)

  • Privilege Escalation

    Scheduled Task (T1053)

Tasks