General

  • Target

    443005396033565.dat.dll

  • Size

    1.4MB

  • Sample

    210416-rc3b4mk59n

  • MD5

    ebfa547e33130d467d38c466a810fb14

  • SHA1

    a7093446731c84221e4e7e4105c00834dbc19ab6

  • SHA256

    7262fc8f73299cfbead27493ad24bc60688d4fa3b3e3a676b639dbe170c8334b

  • SHA512

    eae24d7349c7271b50c0cf1badf4c13e8f6b83ccebf4596bf1f89fe4137def770aa242630e09ad6dda26b3e7cff521a052b74bdfaa6fdec43881e8500ca8f0f9

Malware Config

Extracted

Family

qakbot

Botnet

clinton05

Campaign

1618497049

C2


MITRE ATT&CK Matrix ATT&CK v6

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Tasks