General

  • Target

    unknown_PID554_hiddenmodule_8F0000_x86.dll

  • Size

    144KB

  • Sample

    230213-sp9msseb22

  • MD5

    1f672b4e8257e3dfd3d7eee04f1efac9

  • SHA1

    9a2cbf2c742307eeea28c81cc1bbd713a882b4f1

  • SHA256

    3e15a3bf700eb4cea2bd0d49ef100f295520972544a224d51501906d86ef7714

  • SHA512

    28d23c8db00efadb63c27c54819ba562b6b802d518970378c89eec4719132c498b4a65d8e33215f0951cbc15ceb8a668e38d8f82aede0f905f5a6dc2776d8993

  • SSDEEP

    3072:G6MvCeiR77JQyCEz62xG3A9JCXF0LTBfvy/1:LR77J1ZzhGw9J6F0LTBny/

Score
10/10

Malware Config

Extracted

Family

qakbot

Version

404.432

Botnet

BB12

Campaign

1675417198

C2

Attributes
  • salt

    SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

    • Target

      unknown_PID554_hiddenmodule_8F0000_x86.dll

    • Size

      144KB

    Score
    7/10
    • Loads dropped DLL
