General

  • Target

    7c16cd83d2c94fd23635df1e30d20f88a9a0359870a7d8e7cae03269f980f023

  • Size

    1016KB

  • Sample

    210224-xw944b9s1x

  • MD5

    873e74b88e18c15365f236ac1f98e2e0

  • SHA1

    aa43ad94aeb7800931206e733494148abfe39d3f

  • SHA256

    7c16cd83d2c94fd23635df1e30d20f88a9a0359870a7d8e7cae03269f980f023

  • SHA512

    0bd59ab2bd699f7120ca32faacd72119f956ccb31f65b36a564b64d3503f1f983c5b1c08e8f6dc09e203e2b14e53685cb28b053b374b0b90019b3d4e396fc120

Malware Config

  • Extracted

    Family: qakbot
    Botnet: tr
    Campaign: 1612175155 (Qakbot campaign IDs are Unix timestamps; this one decodes to 2021-02-01 10:25:55 UTC)
    C2: 20 endpoints on 14 distinct hosts; four hosts (149.28.101.90, 207.246.116.237, 144.202.38.185, 45.32.211.207) are listed on more than one of ports 443, 995, 2222 and 8443

      89.3.198.238:443
      172.78.30.215:443
      85.52.72.32:2222
      76.110.113.71:995
      106.51.52.111:443
      75.67.192.125:443
      172.115.177.204:2222
      197.45.110.165:995
      82.76.47.211:443
      45.77.115.208:443
      45.32.211.207:443
      144.202.38.185:443
      207.246.116.237:995
      149.28.101.90:995
      149.28.101.90:8443
      207.246.116.237:8443
      144.202.38.185:2222
      45.32.211.207:8443
      149.28.101.90:443
      149.28.101.90:2222
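An extracted config is only useful to a SOC once it is turned into something that can be deployed and checked. The script below is an added example, not part of the sandbox report or of any vendor tooling: it validates each C2 entry as a public IPv4 address plus port (rejecting malformed or private entries instead of silently dropping them), decodes the campaign ID as a Unix timestamp, summarises hosts and ports, and emits Suricata rules plus a plain blocklist. The config dictionary is copied from the report above; the SID base 9000001, the rule wording and the blocklist format are assumptions of this example.

```python
"""Turn the Qakbot config extracted above into hunting artifacts.

Added example, not part of the sandbox report. Config values are copied from
the report; the SID range and rule wording are assumptions of this example.
"""
from collections import Counter
from datetime import datetime, timezone
import ipaddress

# Copied from the report's "Malware Config" section.
EXTRACTED_CONFIG = {
    "family": "qakbot",
    "botnet": "tr",
    "campaign": "1612175155",
    "c2": [
        "89.3.198.238:443", "172.78.30.215:443", "85.52.72.32:2222",
        "76.110.113.71:995", "106.51.52.111:443", "75.67.192.125:443",
        "172.115.177.204:2222", "197.45.110.165:995", "82.76.47.211:443",
        "45.77.115.208:443", "45.32.211.207:443", "144.202.38.185:443",
        "207.246.116.237:995", "149.28.101.90:995", "149.28.101.90:8443",
        "207.246.116.237:8443", "144.202.38.185:2222", "45.32.211.207:8443",
        "149.28.101.90:443", "149.28.101.90:2222",
    ],
}


def decode_campaign(campaign):
    """Qakbot campaign IDs are Unix epoch seconds; return the UTC build time."""
    return datetime.fromtimestamp(int(campaign), tz=timezone.utc)


def parse_c2(entries):
    """Validate 'ip:port' strings coming out of a config extractor.

    Returns (accepted, rejected). accepted holds (ip_str, port) tuples with a
    public IPv4 address and a valid port; rejected keeps the raw strings so a
    malformed or private entry is reviewed rather than silently lost.
    """
    accepted, rejected = [], []
    for raw in entries:
        host, sep, port_s = raw.strip().rpartition(":")
        try:
            ip = ipaddress.IPv4Address(host)   # raises on '' or 999.1.1.1
            port = int(port_s)                 # raises on non-numeric port
        except ValueError:
            rejected.append(raw)
            continue
        if not sep or not 0 < port < 65536 or not ip.is_global:
            rejected.append(raw)
            continue
        accepted.append((str(ip), port))
    return accepted, rejected


def unique_hosts(pairs):
    """Distinct C2 IPs in numeric order (one host may appear on several ports)."""
    return sorted({ip for ip, _ in pairs}, key=ipaddress.IPv4Address)


def port_histogram(pairs):
    """Number of C2 endpoints per port."""
    return Counter(port for _, port in pairs)


def ports_for_host(pairs, ip):
    """Ports on which a single host is contacted."""
    return sorted(port for h, port in pairs if h == ip)


def suricata_rules(config, pairs, sid_base=9000001):
    """One TCP rule per endpoint. sid_base is an assumed local SID range."""
    rules = []
    for i, (ip, port) in enumerate(pairs):
        msg = f"{config['family']} botnet {config['botnet']} C2 {ip}:{port}"
        rules.append(
            f'alert tcp $HOME_NET any -> {ip} {port} (msg:"{msg}"; '
            f"flow:to_server; classtype:trojan-activity; sid:{sid_base + i}; rev:1;)"
        )
    return rules


def blocklist(pairs):
    """Plain /32 list for a firewall or proxy denylist."""
    return [f"{ip}/32" for ip in unique_hosts(pairs)]


if __name__ == "__main__":
    pairs, junk = parse_c2(EXTRACTED_CONFIG["c2"])
    print("campaign build time:", decode_campaign(EXTRACTED_CONFIG["campaign"]).isoformat())
    print(f"{len(pairs)} endpoints on {len(unique_hosts(pairs))} hosts; rejected: {junk}")
    print("ports:", dict(port_histogram(pairs)))
    print("\n".join(suricata_rules(EXTRACTED_CONFIG, pairs)))
    print("\n".join(blocklist(pairs)))
```

The rules key on destination IP and port only, so they will fire on the first SYN to a listed endpoint regardless of whether TLS completes; that is deliberate for an IOC sweep but means hits should be triaged against proxy logs before blocking, since Qakbot C2 lists of this era mix dedicated relays with compromised residential hosts whose addresses are reassigned over time.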

Targets

    • Target

      7c16cd83d2c94fd23635df1e30d20f88a9a0359870a7d8e7cae03269f980f023 (the only target in this report; its size and MD5/SHA1/SHA256/SHA512 are the values listed under General)

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic                 Technique        ID      Hits
  Execution              Scheduled Task   T1053   1
  Persistence            Scheduled Task   T1053   1
  Privilege Escalation   Scheduled Task   T1053   1

  The single scheduled-task signature hit is counted once under each tactic T1053 belongs to in ATT&CK v6. In current ATT&CK versions (v7 and later) this maps to sub-technique T1053.005, Scheduled Task/Job: Scheduled Task.

Tasks