General

  • Target

    boris_likes_hiphop.dat

  • Size

    771KB

  • Sample

    230210-rzt5esdh39

  • MD5

    0a702177c0568d3615c497e58a442224

  • SHA1

    3fc648e6444b8f9737637cb9809931bae6aba1da

  • SHA256

    705a43ff7578b9f083743c70bfdde38cb444755c49525788b700327bce9755c7

  • SHA512

    be0badf73cf7ecdc041a7eab205f07f8ab82aca94402bdd865e285897e0d5a6726f09d41c9a4ab0da58eec5100ea75c2a9f06ffadc4d58b36d09a29a70b19b5b

  • SSDEEP

    24576:/H81smt4vyVjXe1ikZdtjMsc7MscXMscktkTNd8uB:kefBtkf8

Malware Config

Extracted

Family

qakbot

Version

404.506

Botnet

obama239

Campaign

1675927483

C2


Attributes
  • salt

    SoNuce]ugdiB3c[doMuce2s81*uXmcvP

