General

  • Target

    borisandhisferrari.jpg

  • Size

    905KB

  • Sample

    230223-bc5dwagb4t

  • MD5

    3e662177f4dee632b2fac01ac68824d9

  • SHA1

    78670d5d2f5d58863c34987d70c316a620015c7a

  • SHA256

    0c0bcbf672156c692cc607f862051519ea99836fd3d90a451b049a46949e5893

  • SHA512

    d9777686b5bcdd22d2a9dcb5dd3dd03832feb4481a2402389226c7a3ae2b79d2f699a61c1a1ea14c54a5fcb491d5320d426504bbd873d21dc4b630652fc23ab7

  • SSDEEP

    12288:rrhxV/xG39fx1jGrJySlVB7qZcsyc1m41OSoMhKmkxgt9peTI95kKZPP+Hmm:xxRQfXsy0BTP4gSoMZttvWQ5k

Malware Config

Extracted

Family

qakbot

Version

404.9

Botnet

BB16

Campaign

1677046917

C2

Attributes
  • salt

    SoNuce]ugdiB3c[doMuce2s81*uXmcvP
