General

  • Target

    Celod.wac

  • Size

    534KB

  • Sample

    211021-mgh7zsbabq

  • MD5

    898ba3b11fb261c893990e9a178d05ff

  • SHA1

    9db70b8ed8e080050943dd92e6a90959e77abe1e

  • SHA256

    c5148afaf55c8b27a41a5971b6e439c8076b57f84c518f31bfec4171cd112a13

  • SHA512

    6ec3a441202e233c7cfc563c54023a24e83b55941db46abfd12d614ba5f3fb2fcd4a79515b1b876f10de13935543f421d36bd028c4a18370d7799d266ba76bf5

Malware Config

Extracted

Family

qakbot

Version

402.363

Botnet

biden54

Campaign

1634802135

C2

81.250.153.227:2222

120.150.218.241:995

76.25.142.196:443

63.143.92.99:995

89.101.97.139:443

136.143.11.232:443

81.213.59.22:443

136.232.34.70:443

140.82.49.12:443

37.208.181.198:61200

78.191.24.189:995

216.201.162.158:443

197.89.144.102:443

89.137.52.44:443

182.176.180.73:443

173.21.10.71:2222

117.198.156.56:443

196.207.140.40:995

103.142.10.177:443

24.231.209.2:6881

Attributes
  • salt

    jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

    • Target

      Celod.wac

    • Size

      534KB

    • MD5

      898ba3b11fb261c893990e9a178d05ff

    • SHA1

      9db70b8ed8e080050943dd92e6a90959e77abe1e

    • SHA256

      c5148afaf55c8b27a41a5971b6e439c8076b57f84c518f31bfec4171cd112a13

    • SHA512

      6ec3a441202e233c7cfc563c54023a24e83b55941db46abfd12d614ba5f3fb2fcd4a79515b1b876f10de13935543f421d36bd028c4a18370d7799d266ba76bf5

MITRE ATT&CK Matrix ATT&CK v6

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Disabling Security Tools

1
T1089

Modify Registry

1
T1112

Tasks