General

  • Target

    rober.html.dll

  • Size

    846KB

  • Sample

    211008-wvnt3aehbj

  • MD5

    bd340432e14b13f35332a3cce01d0c5a

  • SHA1

    c86b4b14b9bf7b9ff6318a88618b37b8818eee94

  • SHA256

    881d94542dcf8f57aa5466c15580a3f61247279d6258acd3c86ab59669d032fb

  • SHA512

    2c4ac83c57d16e0367d7894022d56a06ac7781b85e4075cb3fdce045135d5cba0dce563abd999988133bb81f094da620d669ce5ad6ff8d905c3baf77678c99ab

Malware Config

Extracted

  • Family

    qakbot

  • Version

    402.363

  • Botnet

    tr

  • Campaign

    1633597626

  • C2



MITRE ATT&CK Matrix ATT&CK v6

  • Execution

    Scheduled Task (1) - T1053

  • Persistence

    Scheduled Task (1) - T1053

  • Privilege Escalation

    Scheduled Task (1) - T1053

Tasks