General

  • Target

    distantly.dat

  • Size

    682KB

  • Sample

    230602-m7475sba85

  • MD5

    5f1e08625d65bb93e8bf4611d2ee9070

  • SHA1

    56fc9eb319ac902ac7e26357bd4cc598a3644d38

  • SHA256

    7bfa0fc80cf1b4dc110356aad858ed3638985dce794286dfe9a25ff3869fed02

  • SHA512

    94de1f8c3da8439f6bee529cf6e4d10979ca757af0b30f27b7d9f2d0dbbd18051c9b49e3c7470c2c271bbf1221986497e266168ff9a2d47d5b47924eac7fd011

  • SSDEEP

    12288:dDxy+2MIBYYimb3oG11xfTUOz3dluiIIN:Vg+2MIBYkb4G11hTsi

Malware Config

Extracted

  • Family

    qakbot

  • Version

    404.1346

  • Botnet

    BB30

  • Campaign

    1685686808

C2

