General

  • Target: 175a611670e535ef1033f4cb95afd974b24334c2ceddb26b320ca14455a40bb6.dll
  • Size: 963KB
  • Sample: 210507-q7h76g45ke
  • MD5: 16f84c82e6f0d47389f70d59d395778d
  • SHA1: 2bc9c1965b0996d9f2e931f1a83dcf81ffd66876
  • SHA256: 175a611670e535ef1033f4cb95afd974b24334c2ceddb26b320ca14455a40bb6
  • SHA512: 78b6b58a857f54038daf1769ec52c23bd2fc5a4d79e3fa4dcd4df2c2a2bbc7a10f2d456a710f1b8ea1fdc67a666933204072e4f361c27101105de61e4efd751b

Malware Config

Extracted

  • Family: qakbot
  • Version: 401.138
  • Botnet: domain02
  • Campaign: 1613028094 (Qakbot stores the campaign ID as a Unix timestamp; this one decodes to 2021-02-11 07:21:34 UTC)

C2 (IP:port as extracted from the configuration)

  • 32.210.98.6:443
  • 70.49.88.199:2222
  • 151.205.102.42:443
  • 178.152.79.153:995
  • 216.195.46.163:2222
  • 72.252.201.69:443
  • 90.65.236.181:2222
  • 98.173.34.212:995
  • 97.69.160.4:2222
  • 69.245.102.225:443
  • 144.139.166.18:443
  • 73.25.124.140:2222
  • 189.223.205.126:443
  • 157.131.108.180:443
  • 71.197.126.250:443
  • 73.228.197.5:443
  • 151.213.189.62:443
  • 24.229.150.54:995
  • 84.72.35.226:443
  • 199.19.117.131:443
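The extracted C2 list above is only useful once it is turned into something that can be checked against traffic. The following is an added example (not part of the sandbox report and not Tria.ge or Qakbot code) that parses the config block as it appears on this page, decodes the campaign timestamp, sweeps a handful of constructed Zeek-style conn.log records for contact with any listed endpoint, and renders one Suricata alert rule per endpoint. The conn.log layout, the sample records and the SID range 9000000+ are assumptions chosen for the example.

```python
import ipaddress
import re
from datetime import datetime, timezone

# The extracted configuration, copied from the report above (the C2 list is
# the 20 endpoints listed on the page; key/value lines are skipped by the parser).
CONFIG_TEXT = """
Family: qakbot
Version: 401.138
Botnet: domain02
Campaign: 1613028094
C2:
32.210.98.6:443
70.49.88.199:2222
151.205.102.42:443
178.152.79.153:995
216.195.46.163:2222
72.252.201.69:443
90.65.236.181:2222
98.173.34.212:995
97.69.160.4:2222
69.245.102.225:443
144.139.166.18:443
73.25.124.140:2222
189.223.205.126:443
157.131.108.180:443
71.197.126.250:443
73.228.197.5:443
151.213.189.62:443
24.229.150.54:995
84.72.35.226:443
199.19.117.131:443
"""

C2_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})$")


def parse_c2(text):
    """Return the (ip, port) endpoints found in a config dump.
    Non ip:port lines are ignored; a malformed address or port raises so that
    an IOC is never silently dropped from the resulting watchlist."""
    endpoints = []
    for line in text.splitlines():
        m = C2_RE.match(line.strip())
        if not m:
            continue
        ip = ipaddress.ip_address(m.group(1))   # ValueError on an octet > 255
        port = int(m.group(2))
        if not 0 < port < 65536:
            raise ValueError(f"bad port in C2 entry: {line!r}")
        endpoints.append((str(ip), port))
    return endpoints


def campaign_time(campaign):
    """Qakbot's campaign field is a Unix timestamp of when the build was cut."""
    return datetime.fromtimestamp(int(campaign), tz=timezone.utc)


# Constructed sample records (assumption, not from the page), laid out like a
# Zeek conn.log: ts, uid, orig_h, orig_p, resp_h, resp_p, proto (tab-separated).
SAMPLE_CONN_LOG = """\
1620400000.1\tCabc1\t10.0.0.12\t51234\t32.210.98.6\t443\ttcp
1620400001.2\tCabc2\t10.0.0.12\t51235\t142.250.74.46\t443\ttcp
1620400002.3\tCabc3\t10.0.0.31\t51236\t70.49.88.199\t2222\ttcp
1620400003.4\tCabc4\t10.0.0.31\t51237\t70.49.88.199\t443\ttcp
1620400004.5\tCabc5\t10.0.0.44\t51238\t98.173.34.212\t995\ttcp
"""


def match_connections(log_text, endpoints, match_port=True):
    """Return the records whose responder is a listed C2 endpoint.
    match_port=True requires ip AND port (fewer false positives); since the
    same IP can be used on other ports, an IP-only sweep is also worth running."""
    ports_by_ip = {}
    for ip, port in endpoints:
        ports_by_ip.setdefault(ip, set()).add(port)
    hits = []
    for line in log_text.splitlines():
        fields = line.split("\t")
        if len(fields) < 7:
            continue
        ts, uid, orig_h, orig_p, resp_h, resp_p, proto = fields[:7]
        ports = ports_by_ip.get(resp_h)
        if ports is None or (match_port and int(resp_p) not in ports):
            continue
        hits.append({"uid": uid, "src": orig_h, "c2": f"{resp_h}:{resp_p}"})
    return hits


def suricata_rules(endpoints, sid_base=9000000):
    """One alert rule per endpoint; sid_base is an arbitrary local SID range."""
    return [
        f'alert tcp $HOME_NET any -> {ip} {port} '
        f'(msg:"Qakbot domain02 C2 {ip}:{port}"; flow:to_server; '
        f'sid:{sid_base + i}; rev:1;)'
        for i, (ip, port) in enumerate(endpoints)
    ]


if __name__ == "__main__":
    c2 = parse_c2(CONFIG_TEXT)
    print(f"{len(c2)} C2 endpoints; campaign built "
          f"{campaign_time(1613028094):%Y-%m-%d %H:%M:%S} UTC")
    for hit in match_connections(SAMPLE_CONN_LOG, c2):
        print("C2 contact:", hit)
    print("\n".join(suricata_rules(c2)))
```

The port-aware match drops record Cabc4 (a listed IP on an unlisted port) while the IP-only sweep keeps it; run both and treat the IP-only hits as lower-confidence leads, since the hosts behind Qakbot C2 addresses change over time and a stale IP will generate noise.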

Targets

  • 175a611670e535ef1033f4cb95afd974b24334c2ceddb26b320ca14455a40bb6.dll (963KB; MD5, SHA1, SHA256 and SHA512 as listed under General above)

MITRE ATT&CK Matrix (ATT&CK v6)

Tactic                 Technique        ID     Count
Execution              Scheduled Task   T1053  1
Persistence            Scheduled Task   T1053  1
Privilege Escalation   Scheduled Task   T1053  1

In ATT&CK v6 the single technique T1053 sits under all three tactics, so one scheduled-task observation is counted three times here; current ATT&CK versions map the same behaviour to the sub-technique T1053.005 (Scheduled Task).

Tasks