Resubmissions

26-01-2022 17:47  220126-wc75zsgacm  10
26-01-2022 16:10  220126-tmvarsfee3  10

General

  • Target

    a6c5c62772e986359385b47073dfa909e5638bb1b8f3622e147153b4721f0aa6

  • Size

    541KB

  • Sample

    220126-tmvarsfee3

  • MD5

    cccab2984ff316a36630e869282d8189

  • SHA1

    24201f608110ae4d54a840e3af9490ea96091cb5

  • SHA256

    a6c5c62772e986359385b47073dfa909e5638bb1b8f3622e147153b4721f0aa6

  • SHA512

    bf332287aee1dbaa813dc8ed12a7a362d8e1b2a57455e2609fe720658415cc417fd938aab69a30962cc74b777ab06a6707f306ec1f019e7dac5d2b5e59da4742

Malware Config

Extracted

  • Family

    qakbot

  • Version

    403.10

  • Botnet

    tr

  • Campaign

    1643025272

C2
Attributes

  • salt

    jHxastDcds)oMc=jvh7wdUhxcsdt2

MITRE ATT&CK Matrix ATT&CK v6

Execution             Scheduled Task            1  T1053
Persistence           Scheduled Task            1  T1053
Privilege Escalation  Scheduled Task            1  T1053
Defense Evasion       Disabling Security Tools  1  T1089
Defense Evasion       Modify Registry           1  T1112
