General
-
Target
mrch.gif
-
Size
424KB
-
Sample
210302-y9rqfzcq5x
-
MD5
97e6abcad2140619ff150d6253f62b8f
-
SHA1
0762a2db618f5dcc403139b671222aecb7c4aaf1
-
SHA256
24753d9f0d691b6d582da3e301b98f75abbdb5382bb871ee00713c5029c56d44
-
SHA512
54d55de10d22086a0d77cad5b833ceee0b1bcd62062e56c0af5deaa64b0bbc84f45ac47905b833967b611a3e41eeb7f5ccc437619648cf69f8f1f04d50faaf08
Static task
static1
Behavioral task
behavioral1
Sample
mrch.gif.dll
Resource
win7v20201028
Malware Config
Extracted
qakbot
tr
1614598087
24.95.61.62:443
89.3.198.238:443
196.151.252.84:443
90.65.236.181:2222
2.232.253.79:995
217.133.54.140:32100
195.43.173.70:443
84.247.55.190:8443
136.232.34.70:443
45.63.107.192:443
45.77.115.208:443
149.28.98.196:995
45.32.211.207:8443
149.28.98.196:443
149.28.99.97:443
45.63.107.192:2222
207.246.77.75:443
207.246.77.75:8443
45.77.117.108:443
45.32.211.207:995
144.202.38.185:2222
144.202.38.185:995
149.28.101.90:443
207.246.77.75:2222
207.246.77.75:995
45.77.115.208:2222
45.77.115.208:8443
207.246.116.237:443
207.246.116.237:2222
45.77.117.108:8443
149.28.98.196:2222
144.202.38.185:443
149.28.101.90:8443
149.28.101.90:2222
45.77.115.208:995
207.246.116.237:8443
207.246.116.237:995
45.77.117.108:995
45.77.117.108:2222
122.148.156.131:995
149.28.101.90:995
45.32.211.207:443
45.32.211.207:2222
149.28.99.97:2222
149.28.99.97:995
209.210.187.52:995
85.52.72.32:2222
86.236.77.68:2222
71.199.192.62:443
71.117.132.169:443
75.67.192.125:443
172.87.157.235:3389
79.115.174.55:443
95.77.223.148:443
83.110.9.71:2222
84.72.35.226:443
193.248.221.184:2222
68.186.192.69:443
75.136.40.155:443
2.7.116.188:2222
140.82.49.12:443
202.184.20.119:443
182.48.193.200:443
81.97.154.100:443
47.22.148.6:443
80.11.173.82:8443
213.60.147.140:443
197.161.154.132:443
89.137.211.239:995
78.180.179.136:443
83.196.56.65:2222
115.133.243.6:443
59.90.246.200:443
113.22.175.141:443
105.198.236.101:443
80.227.5.69:443
83.110.103.152:443
216.201.162.158:443
97.69.160.4:2222
65.27.228.247:443
75.118.1.141:443
81.214.126.173:2222
71.74.12.34:443
189.222.217.105:443
75.136.26.147:443
173.21.10.71:2222
203.198.96.249:443
73.153.211.227:443
197.45.110.165:995
144.139.166.18:443
76.25.142.196:443
96.37.113.36:993
71.197.126.250:443
24.43.22.218:993
74.222.204.82:995
67.6.12.4:443
108.29.32.251:443
142.117.191.18:2222
50.29.166.232:995
32.210.98.6:443
98.240.24.57:443
45.46.53.140:2222
172.78.30.215:443
47.196.192.184:443
186.31.77.42:443
83.110.108.38:2222
78.97.207.104:443
78.63.226.32:443
109.12.111.14:443
71.14.110.199:443
80.7.129.64:995
87.202.87.210:2222
74.68.144.202:443
196.221.207.137:995
197.51.82.72:443
202.188.138.162:443
176.181.247.197:443
189.222.199.37:995
188.26.91.212:443
41.39.134.183:443
98.192.185.86:443
105.96.8.96:443
47.187.108.172:443
105.198.236.99:443
94.53.92.42:443
174.104.22.30:443
189.222.59.177:443
181.48.190.78:443
119.157.106.105:3389
189.146.183.105:443
45.118.216.157:443
125.209.114.182:995
173.25.45.66:443
199.19.117.131:443
98.252.118.134:443
67.8.103.21:443
125.239.152.76:995
187.250.177.33:995
189.210.115.207:443
151.205.102.42:443
106.51.85.162:443
72.240.200.181:2222
72.252.201.69:443
209.210.187.52:443
108.46.145.30:443
24.139.72.117:443
71.163.223.159:443
24.229.150.54:995
45.63.107.192:995
82.12.157.95:995
Targets
-
-
Target
mrch.gif
-
Size
424KB
-
MD5
97e6abcad2140619ff150d6253f62b8f
-
SHA1
0762a2db618f5dcc403139b671222aecb7c4aaf1
-
SHA256
24753d9f0d691b6d582da3e301b98f75abbdb5382bb871ee00713c5029c56d44
-
SHA512
54d55de10d22086a0d77cad5b833ceee0b1bcd62062e56c0af5deaa64b0bbc84f45ac47905b833967b611a3e41eeb7f5ccc437619648cf69f8f1f04d50faaf08
-
Loads dropped DLL
-
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Query Registry
1System Information Discovery
1Peripheral Device Discovery
1Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Scheduled Task
1Privilege Escalation