General

  • Target

    Malware.zip

  • Size

    363KB

  • Sample

    230222-rq4mhaca85

  • MD5

    96e613bfb0aef8cd5deb17bb8aff9a6d

  • SHA1

    000c57bc9c494ec46aded035b2ec0235ffe520ce

  • SHA256

    08d83dec2a7198b03ce424b9cbddfc7dda1703040f17d5a0089e98f32ad02162

  • SHA512

    4352e712b6b3ac901ccfdcd158f87ba79f83f1e4612e6dfa02c5d0c53036059896b09859103ea8a0860e65c8c93380c9d7a28c9ddefb87efaf2d25010f0cda72

  • SSDEEP

    6144:oIeBGuU1T/LJ6DidKoI59JmINKj3aT4vZlj/Nvywga2lSxiouxiMoXkvm/d:oXkHJ62idovZR1gcxBMmkv2d

Malware Config

Extracted

  • Family

    qakbot

  • Version

    404.9

  • Botnet

    obama241

  • Campaign

    1677046861

  • C2

    47.21.51.138:443
    72.80.7.6:50003
    82.127.204.82:2222
    49.175.72.56:443
    201.244.108.183:995
    122.184.143.82:443
    102.156.253.86:443
    74.58.71.237:443
    47.21.51.138:995
    77.86.98.236:443
    71.31.101.183:443
    136.232.184.134:995
    86.225.214.138:2222
    95.242.101.251:995
    109.11.175.42:2222
    90.78.138.217:2222
    184.176.35.223:2222
    35.143.97.145:995
    202.186.177.88:443
    114.79.180.14:995

Attributes

  • salt

    SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

    • Target

      RunDLL-1.bat

    • Size

      29B

    • MD5

      07e6fb7ca5bb1c968c31dbe8a4360a33

    • SHA1

      5f8e8377b97be5836929ab6373703451881a80db

    • SHA256

      5af8084bb03e0a11575ff971459729647765b8471221a5dfe7001b6b3022f291

    • SHA512

      1e8439281667d566acf3a341edbbbc3a3b87491eea522523a8a045b3b18ed8a8958446249060d5ec1506296263fa2a339aa1322b3483ea2708cf4f038596d040

    • Target

      aZjIBat.jpg

    • Size

      904KB

    • MD5

      8ef8c28ae207e7c8fecdfea659cd21f2

    • SHA1

      a1990b4ceae51b742105741553e805a0a8a8cf1d

    • SHA256

      0fcfe3f9e1d64ee98297802279606f15489af1c8e473e6e8072b5088b5a8b3a6

    • SHA512

      1fd73f8468d63cd37d44e9d87ac39285d713f6a5a6296225366a52c99a81ab04e05e27980e7b801169bbfc8739483ab6e8ca6df0850c9e103730b9f5b5aea5f7

    • SSDEEP

      12288:4rNxV/xG39fx1jGrJySlVB7qZcsyc1m41OSoMMxM6m+Hmmn:YxRQfXsy0BTP4gSoMMxR/

    Score
    3/10

MITRE ATT&CK Matrix

Tasks