General

  • Size

    849KB

  • Sample

    220923-g82whsddb6

  • MD5

    e22a4ef15b7c6c9eb884e445cefa2ef9

  • SHA1

    b9da48940ae7e41de7bc6c0909ab53465d05e3c7

  • SHA256

    5e5c55c133d644de044f5bcb782b618fd188a1c6ca707298815ab23295fb43c1

  • SHA512

    3cc653b343d7f972d823e42bda4150c0747f81617b4f795e2724dfa4f0f0f10756fc068feaeedeb69ef7b4bdcd931908c5cfb0f1e8a170925915a771ff1738f8

Malware Config

Extracted

Family

qakbot

Version

403.895

Botnet

BB

Campaign

1663698873

C2


Attributes

salt

SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

    • Target

      aggravates.dll

    • Size

      849KB


MITRE ATT&CK Matrix

  • Collection

  • Command and Control

  • Credential Access

  • Defense Evasion

  • Exfiltration

  • Impact

  • Initial Access

  • Lateral Movement

  • Persistence

  • Privilege Escalation