General

  • Target

    overTheline.dat

  • Size

    523KB

  • Sample

    230614-mhvx6sga46

  • MD5

    5ac0d6b9c7c6c0b79b3245b06e2ca807

  • SHA1

    65bc96b4ca1b0db86ac65f3e615e36d77ade6ab8

  • SHA256

    75c93eca6354ff0ab856a64fa07ddf25f6b4973ee609fc8e3efaf5049a04bf64

  • SHA512

    e9fc77f1c90cf42c00c31438b3d94322b0810fb08c1e9b83783a0979380b2f8e9ecbd3b2abf13147e949a3366edff3f5c92f8361e6f556c73362b13f737ac390

  • SSDEEP

    12288:xspsY6tHFBPl7rNu5bZHZ95gjyIaa0Pxg:xspsY6tHFBd7rIl175gjyIl0O

Malware Config

Extracted

Family

qakbot

Version

404.1374

Botnet

BB32

Campaign

1686673959

C2

