General

  • Target

    borisIntheZone.dat

  • Size

    533KB

  • Sample

    230613-vhly9shc98

  • MD5

    b077713f1eb06b310de1cda32ca6251e

  • SHA1

    494f6b972ae7aef91fff3fb730fbf130bcf8df3c

  • SHA256

    6b61516d0e4d76e3be5e8c0bb50a7c755f14bed9ce5305aa871c01afb22951f2

  • SHA512

    0a1e69619b3e83bdcae66489cc695ba56c0fbb5f4ab947c897799476ba324c98ccc1b811c6a465cf4e2cf7ee20a16e552bb949bfa96258be14d15dd61ae494d9

  • SSDEEP

    12288:xspsY6tHFBPl7rNu5bZHZ95gjyIaa0Pxg:xspsY6tHFBd7rIl175gjyIl0O

Malware Config

Extracted

  • Family

    qakbot

  • Version

    404.1374

  • Botnet

    BB32

  • Campaign

    1686673959

  • C2


