General

  • Target: f5f7253415ff4564caa2aaf812668326.dll
  • Size: 1.4MB
  • Sample: 210505-y4c6e3zccj
  • MD5: f5f7253415ff4564caa2aaf812668326
  • SHA1: 4893749389cba9924dd6e6cc83eaa8caccdf2128
  • SHA256: cdb955547f9718c2755a828c8b3d5a4baa2e97f31ba77fadef01e78abb8f3b68
  • SHA512: 60c285df24b28f5403621cd26fac98349e2f7259a2836434b4b606bf1ebf6124abc6a2c6ea37fe16291e73b78cd33ec3e5a45b760e88ff9f287cf477c0fb366c

Malware Config

Extracted

  • Family: qakbot
  • Version: 402.1
  • Botnet: tr
  • Campaign: 1618225074

C2

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic                 Technique        ID      Count
  Execution              Scheduled Task   T1053   1
  Persistence            Scheduled Task   T1053   1
  Privilege Escalation   Scheduled Task   T1053   1

Tasks