General

  • Target

    doc_F427_May_31.7z

  • Size

    219KB

  • Sample

    230531-vq45tagc56

  • MD5

    4f070a66994dc1899b9f88440824a3d4

  • SHA1

    8a99b412f8c809adc6a9b971abda1c34c50977af

  • SHA256

    8c4d508ea26e07fd299d88d61b6bf1fc44372e005331a75f7e9b0f6c703e7e74

  • SHA512

    384ca0fe1e3301f6c04a343de66a52db5511f6654380681c154c25c40e1ffd66f41eb880a47828dfe883be3f8e26fb216b15c621912956f2d14a1e407fbfd808

  • SSDEEP

    6144:oY6iv2xQZwxH8ic5QIYLRSBaHBNlAvtU0JAe:p+xQZcH8icjYAiBIUe

Malware Config

Extracted

Family

qakbot

Version

404.1320

Botnet

BB30

Campaign

1685526716

C2

Targets

    • Target

      loader.bat

    • Size

      38B

    • MD5

      73abd259ba338a3c16f0852dd226c436

    • SHA1

      40a462bc05600cd14a8055ebc785bd659175ff56

    • SHA256

      74f65cbb217eb94f274311b8912670ac824c949133c2ebdc8937070d4065366c

    • SHA512

      f72a24ff2afc1f52590991cc00c6b6758ed9d1bc92d2fd511a5f1f1cebc0145a414e978415e96e3b4bb14b7123d9341123d2288ae3a086533e8b5cb217cb86b2

    • Target

      sus.dll

    • Size

      398KB

    • MD5

      bd125f3916ce3a8b1272c822b2ebdf15

    • SHA1

      f12af127ad165f5530abdf7a805d96e636308358

    • SHA256

      57ea4337104b5701cbce7a0de4701b20f6c36073cba09c3a375492da4fe20861

    • SHA512

      2d18348cf3e7347b6ec15dd55b4317002aa2e8d7dd1816f3f38a694f51649cbb700eaf3d84c4e19d07f8173f37429d0983fee5537c0ae414f0c57036770d83ef

    • SSDEEP

      6144:PLh9nrxRw13UyU2G8g1QYYZTDt3n2x+Bdv5zs7iBsTYrPlUEYD/QzkRWAFctOp6D:TInTDtXF15zs7iyZ/0tUS1CU3BJbwP

    Score
    3/10
