General

  • Target

    snow09.exe

  • Size

    2.5MB

  • Sample

    230614-tn3njabc9y

  • MD5

    15ed589908a80c2e8db14f6ad850e881

  • SHA1

    7861197b3a759f5354f209e934ed468e60df1940

  • SHA256

    90ba164a4329285555718582428b2e225fadbf3cedcde35b61764a94a7660933

  • SHA512

    784a58e7387c80a1a102680e2465e32e5327cbd815bc8e4b54ca40f13956f15196b13d92c4403dcf56c17f97d16b9e83995194c9fb29983171cce1b917d66c52

  • SSDEEP

    24576:h2fJSwRBmRwKLt+ujYczdsXBOKrnkvrKmO8ZSFBg0HQ4I2YvhBr7KW:Ym9M2aXAe5gOQvF7KW

Malware Config

Extracted

Family

qakbot

Version

404.1377

Botnet

snow09

Campaign

1686740620

C2

