Resubmissions

03/01/2023, 22:21 | 230103-19zbkadb27 | 10
03/01/2023, 21:37 | 230103-1ggaaagc4v | 3
20/12/2022, 21:04 | 221220-zwk2caec3s | 10
20/12/2022, 20:57 | 221220-zrtgxsec2x | 10
20/12/2022, 19:58 | 221220-ypwzlaah56 | 10
20/12/2022, 19:49 | 221220-yjtx2sea5z | 3

General

  • Target

    cce9b70b263cd92ad3f4a61065f38520-sample.zip

  • Size

    632KB

  • Sample

    221220-zrtgxsec2x

  • MD5

    58542a890ce2a158b49cf6a84530ebe6

  • SHA1

    6ae7d9b6c731b11f0591d1bd05a8971a68e57879

  • SHA256

    b2806d6f89e075e79fb607fc98f1f8475da4a9304ae57489a2dcf7268c03809b

  • SHA512

    6f699c2302f56b59b7f41714b7b925809d5174ce9110abff1d1372009989b6a6ffbe6a6962ee7d8d8d9c7c8c564fc0495d167ef6b68b63105a19567b60b72092

  • SSDEEP

    12288:2R0pchTX5rhYBtkToWespMTvUxFi/SUZcqMxXHyhRoWYPv3LaLgTMlnv:hchTprueM4CcqySzoWY33L/TMF

Malware Config

Extracted

Family: qakbot

Version: 404.60

Botnet: obama231

Campaign: 1671537480

C2


Attributes
  • salt

    SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

    • Target

      DocumentsFolder 9790038 12202022.img

    • Size

      2.3MB

    • MD5

      9c48a4a759736c484133d5f0b7f8fb6b

    • SHA1

      f3789ccf422731acd0267c6401b48f7369942e9a

    • SHA256

      d11c02eedbdce883293bc676d4f635357ab3dab76ccc4c3d100c73e41e1e7a65

    • SHA512

      276f572e8e835b5a4425b169bfa0bf12844692747c61fbbcfc3417f5be27cc7b157086808208493ac3c7ed9bda1359e17fefb0e21e8ac0d139e729ea79d36063

    • SSDEEP

      24576:MKbbqQlRH90zhBs7tl+vJtzsJPwfwXR1F0yvc8NTmIg9EcjZdFkz:MKXqQz901gcDsJPwfwXfFxvFnQ
