General

  • Target: 391e8c964ad26241c71b43156e0c09c6
  • Size: 632KB
  • Sample: 210419-z9ble5m16x
  • MD5: 391e8c964ad26241c71b43156e0c09c6
  • SHA1: cacc615e6a5d0eb6de5fc6e0d4e79d672acf6e35
  • SHA256: 1b1f8bd2ee572022fec620ee46952f595b4846fa7aa6e8726cba81c38fa06931
  • SHA512: f457f91d10e6c4b2bd46cfaa9bf07c67d2127f5a10f05e712dd72af6276d473ae3ad9b89293d972c523021ca295fe4b306eaa25ae201032da93dde60a13315b3

Malware Config

Extracted

  • Family: qakbot
  • Botnet: obama30
  • Campaign: 1618843418

C2



MITRE ATT&CK Matrix (ATT&CK v6)

Tactic                 Technique        Count  ID
Execution              Scheduled Task   1      T1053
Persistence            Scheduled Task   1      T1053
Privilege Escalation   Scheduled Task   1      T1053

Tasks