Resubmissions

19-10-2023 14:20

231019-rnhbgshh48 10

19-10-2023 14:11

231019-rg86mahh24 10

13-10-2023 14:40

231013-r11zcsad9w 10

General

  • Target

    3f004293165057ac40d7d2dc663cc62c877ebe29601251dcca24b6aa1062b7af.zip

  • Size

    71KB

  • Sample

    231019-rg86mahh24

  • MD5

    5f9f92dac0de6d3b5f14ebfdea5522c1

  • SHA1

    8ebe7ed0374210296f907cdae2ab9c3821ff0015

  • SHA256

    5eafda875a7dfb6c1ed60b7d90f7625caf24253a1eaf7d040894f45615a31281

  • SHA512

    6abd2fb681cfa8c2f924b84e3aabb029ca7b0b5f24f02a430053a80f729e5844ccb485728a4a5559d463fd02a76d80f3d32ae6666a0fe719fad060f617fa2195

  • SSDEEP

    1536:dMlktIVlYfB7Q+mmmliwTDn3Qki11dZj9rUX6WJaL:dMlktCqhQ+zmliM3Qt3ZjGG

Malware Config

Extracted

Family

qakbot

Version

403.10

Botnet

obama150

Campaign

1640256791

C2


Attributes
  • salt

    jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

    • Target

      Qak_02CF0000.bin

    • Size

      124KB

    • MD5

      1732464a22a6d4d656b12500de0d9494

    • SHA1

      477f2b33ff38b3806a80fb1133eec32d1d264c55

    • SHA256

      8cb602444ed6e9f554ca05c916839957b88a6abc9b6e67958bae6a7740f01bf4

    • SHA512

      861d5e0129e637ba60a7fba759c0052cf4b4f6392307557cd0b46ab5fc49350bf519b17f117a703fca161a2bb6de3dd8a9873cdb63ed20599f461942894d9027

    • SSDEEP

      3072:z6gdJqokMqk/cfhlbMQTrJhVE/2fTBfAhV7g6Z:ugjqor/cfh2Q/J4/2fTBYYK
