General

  • Target: leef.html
  • Size: 289KB
  • Sample: 210622-gkvpygn48j
  • MD5: 3000a3e6065f3a2f6acaa955da36954c
  • SHA1: 4dff723e082b07b3def415fc402bdec699224e03
  • SHA256: 78d4dac11b2365e5c6dfde212158a668db2102220f0a2faac59284866d8e8674
  • SHA512: c95e4945b04065c2740e55958208262af89095ce6cdbc8a1f716f22276cce4ab3f1dbe1b298662206cc2d9fbddd51516c4f751af2ffa01a3f95fc50528e88823

Malware Config (Extracted)

  • Family: qakbot
  • Version: 402.115
  • Botnet: tr
  • Campaign: 1623837834
  • C2:



MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution: Scheduled Task (T1053), 1
  • Persistence: Scheduled Task (T1053), 1
  • Privilege Escalation: Scheduled Task (T1053), 1

Tasks