General

  • Target

    44372.6062063657.dat =^_^=

  • Size

    280KB

  • Sample

    210625-7xy91spwns

  • MD5

    f2f9c0ec15e08c556bbf199c75fb9499

  • SHA1

    98edd6e7eab54fff42dccc7b09794c8858a87316

  • SHA256

    9a158e6e3dd0bf221d752246e4b901eb1d69d7e0e1c2b259d0db04f798b26f4c

  • SHA512

    52749a0ba195faf68186aebec3685a8d3bbcd5b874b45417b77085b6bd2fb85d73b5f793fbba7b86303d8d4ad612c3733c88c37780e0fbfb1234438dd29eab7a

Malware Config

Extracted

  • Family

    qakbot

  • Version

    402.115

  • Botnet

    obama64

  • Campaign

    1624560446

  • C2

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution

    Scheduled Task (1), T1053

  • Persistence

    Scheduled Task (1), T1053

  • Privilege Escalation

    Scheduled Task (1), T1053

Tasks