General

  • Target

    ed863803_by_Libranalysis

  • Size

    129KB

  • Sample

    210505-nezxf34z36

  • MD5

    ed86380327f98715f734892c5c42fbbb

  • SHA1

    38aefb2709ea579c5c0cd0d3f3a519b3ca36e76f

  • SHA256

    aed0eb565872e2282115fc9a2157b3772ac1bb6a733f774e2f2025945b9f4d5d

  • SHA512

    1ab3f3de3bbf6a63c315ab8a58093504e4eb4fce528e064de165034a74e371fffcbfd08d1419462d4ed1381571f88fcd80f21e7100295839e37106682226b00e

Malware Config

Extracted

  • Family

    qakbot

  • Version

    401.51

  • Botnet

    abc104

  • Campaign

    1606818862

  • C2

    79.119.124.237:443
    87.218.53.206:2222
    181.169.88.203:443
    82.12.157.95:995
    94.49.188.240:443
    46.124.107.124:6881
    86.122.248.164:2222
    83.202.68.220:2222
    79.129.216.215:2222
    37.21.231.245:995
    47.187.49.3:2222
    2.90.33.130:443
    149.28.98.196:995
    149.28.99.97:443
    45.63.107.192:995
    149.28.98.196:2222
    45.63.107.192:2222
    74.73.27.35:443
    149.28.98.196:443
    144.202.38.185:2222

Targets

    • Target

      e9345360193f2145c60d4f90aee6ce0c895d1f6979e87a88cb1d45d9b00b9852.dll

    • Size

      294KB

    • MD5

      759c097faed8a306ba9306c787565bc8

    • SHA1

      bb5a578c31441f0588736151cba980c86787b98c

    • SHA256

      e9345360193f2145c60d4f90aee6ce0c895d1f6979e87a88cb1d45d9b00b9852

    • SHA512

      53d58b8e5ed2410a0c7a26dc8acf4ab9badb3fb6cf38b988766565eff8c819eeb8242f5d35d8285f63d7ba481d62dc1bd34094450eade5c4d480f41bea09a1f6

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution

    Scheduled Task (T1053): 1

  • Persistence

    Scheduled Task (T1053): 1

  • Privilege Escalation

    Scheduled Task (T1053): 1

  • Discovery

    Query Registry (T1012): 1
    Peripheral Device Discovery (T1120): 1
    System Information Discovery (T1082): 1

Tasks