General

  • Target

    44364.7090825231.dat =^_^=

  • Size

    719KB

  • Sample

    210617-g8lyqchxba

  • MD5

    a746b89d5be4cb93c1d0e828177784cd

  • SHA1

    c5cfec2f33cec1d4e3e0051292002b8438e6ad03

  • SHA256

    7401b05c304b09970c6b5df5b7772d2718702575b8c57253b3935c92f49555d9

  • SHA512

    d9662a902c52e546471c8e593fe01b4ded490570ef4182c84c6786455f7abb813d5138aab5be997dd804d8fe2a4eb44a4c9f6d9aa38a22d80aa2b6371120f77a

Malware Config

Extracted

Family

qakbot

Version

402.115

Botnet

clinton35

Campaign

1623917674

C2

MITRE ATT&CK Matrix ATT&CK v6

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Tasks