General

  • Target

    11.bin

  • Size

    781KB

  • Sample

    191111-7cpggrpxts

  • MD5

    50bc6dec8c8f9be71e8a6007e43fe1a4

  • SHA1

    f4bc517732f00c86074a6860460fda894e09e035

  • SHA256

    13c2f4b6fb80500884a4ea9d2fe80774124f46ebfd80de3e1dfcfb9e167aee08

  • SHA512

    5cf0bf92f9aa7cea0f4378d9fc3d2cbbb69d905840cddb9b92dbfb00ed880071054ec3c6f9f53a20c454e8c3474908b4ab260d973f02cf2b136068763877acf7

Malware Config

Extracted

  • Family

    qakbot

  • Campaign

    1573023013 (Qakbot campaign IDs are Unix timestamps; this one decodes to 2019-11-06 06:50:13 UTC, consistent with the 191111 (2019-11-11) prefix of the sample ID)

  • C2

    107.12.140.181:443
    67.5.33.229:2078
    184.74.101.234:995
    172.78.45.13:995
    181.95.16.207:443
    50.246.229.50:443
    207.179.194.91:443
    67.246.16.250:995
    75.110.250.89:443
    173.91.254.236:443
    50.78.93.74:995
    73.104.218.229:0
    47.23.101.26:993
    88.111.255.235:2222
    12.5.37.3:995
    24.30.71.200:443
    72.29.181.77:2078
    98.155.154.220:443
    196.194.74.33:2222
    47.214.144.253:443

    Note: 73.104.218.229:0 is a malformed record (port 0 is not connectable); keep the host for IP-level hunting but do not turn it into a port-specific block or alert rule. Qakbot C2 nodes are typically compromised hosts on residential or small-business ISP ranges acting as proxies for the real infrastructure, so IP-only blocks age quickly and should be paired with the campaign ID and host-based detections.
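The extracted C2 list is only useful once it becomes something a sensor can match. The following Python is an added example, not part of this report or of any sandbox vendor's code: it parses the endpoints above, rejects the unusable ":0" record instead of emitting a dead blocklist entry, generates Suricata rules, and matches constructed connection records against the list. The campaign ID and C2 addresses are copied from the config above; the connection-log lines, the SID range and the rule wording are assumptions for illustration.

```python
"""Turn the extracted Qakbot C2 list into detection artifacts.

Added example; not part of the sandbox report or of any vendor tooling.
C2 endpoints are copied from the extracted config (including the malformed
':0' record); the connection-log lines below are constructed for the demo.
"""
import ipaddress
from typing import Dict, List, Tuple

# C2 endpoints exactly as listed in the extracted config.
RAW_C2 = """
107.12.140.181:443
67.5.33.229:2078
184.74.101.234:995
172.78.45.13:995
181.95.16.207:443
50.246.229.50:443
207.179.194.91:443
67.246.16.250:995
75.110.250.89:443
173.91.254.236:443
50.78.93.74:995
73.104.218.229:0
47.23.101.26:993
88.111.255.235:2222
12.5.37.3:995
24.30.71.200:443
72.29.181.77:2078
98.155.154.220:443
196.194.74.33:2222
47.214.144.253:443
"""

CAMPAIGN_ID = "1573023013"  # campaign field from the extracted config


def parse_c2(raw: str) -> Tuple[List[Tuple[str, int]], List[str]]:
    """Parse 'ip:port' lines; return (valid (host, port) tuples, rejected lines).

    A line is rejected when the host is not IPv4 or the port is outside
    1..65535, so '73.104.218.229:0' is reported rather than blocklisted.
    """
    valid: List[Tuple[str, int]] = []
    rejected: List[str] = []
    for line in raw.splitlines():
        line = line.strip()
        if not line:
            continue
        host, sep, port_text = line.rpartition(":")
        try:
            if not sep:
                raise ValueError("no port")
            ipaddress.IPv4Address(host)
            port = int(port_text)
            if not 1 <= port <= 65535:
                raise ValueError("port out of range")
        except ValueError:
            rejected.append(line)
            continue
        valid.append((host, port))
    return valid, rejected


def suricata_rules(entries: List[Tuple[str, int]], sid_base: int = 9000001) -> List[str]:
    """One Suricata rule per endpoint; sid_base is an arbitrary local SID range (assumption)."""
    return [
        f'alert tcp $HOME_NET any -> {host} {port} '
        f'(msg:"Qakbot C2 campaign {CAMPAIGN_ID} {host}:{port}"; '
        f'flow:to_server; classtype:trojan-activity; sid:{sid_base + i}; rev:1;)'
        for i, (host, port) in enumerate(entries)
    ]


# Constructed records (ts, src ip, src port, dst ip, dst port), tab separated
# like a trimmed Zeek conn.log. Not taken from the report.
SAMPLE_CONN_LOG = """\
1573450000.1\t10.0.0.15\t49812\t50.246.229.50\t443
1573450001.2\t10.0.0.15\t49813\t93.184.216.34\t443
1573450002.3\t10.0.0.22\t50110\t73.104.218.229\t8443
1573450003.4\t10.0.0.22\t50111\t88.111.255.235\t2222
"""


def match_conn_log(log: str, valid: List[Tuple[str, int]],
                   rejected: List[str]) -> List[Dict[str, str]]:
    """Flag connections to C2: exact ip:port is 'high'; a config IP seen on
    another port (including hosts whose record had no usable port) is
    'host_only' so it gets triaged instead of silently dropped."""
    endpoints = set(valid)
    hosts = {h for h, _ in valid} | {line.rpartition(":")[0] for line in rejected}
    hits: List[Dict[str, str]] = []
    for record in log.splitlines():
        if not record.strip():
            continue
        ts, src, _sport, dst, dport = record.split("\t")
        if (dst, int(dport)) in endpoints:
            confidence = "high"
        elif dst in hosts:
            confidence = "host_only"
        else:
            continue
        hits.append({"ts": ts, "src": src, "dst": f"{dst}:{dport}", "confidence": confidence})
    return hits


if __name__ == "__main__":
    valid, rejected = parse_c2(RAW_C2)
    print(f"{len(valid)} usable endpoints; rejected: {rejected}")
    print("\n".join(suricata_rules(valid)[:2]))
    for hit in match_conn_log(SAMPLE_CONN_LOG, valid, rejected):
        print(hit)
```

The host-only tier matters for Qakbot specifically: because the C2 nodes are proxies on infected residential hosts, the operators rotate ports far more often than the IP, so a strict ip:port match alone misses follow-on sessions.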

MITRE ATT&CK Matrix (ATT&CK v6)

Tactic           Technique                            Hits  ID
Persistence      Registry Run Keys / Startup Folder   1     T1060
Defense Evasion  Disabling Security Tools             2     T1089
Defense Evasion  Modify Registry                      3     T1112
Discovery        Remote System Discovery              1     T1018
Discovery        Query Registry                       3     T1012
Discovery        Peripheral Device Discovery          1     T1120
Discovery        System Information Discovery         2     T1082

"Hits" is the number of matched sandbox signatures that map to the technique. The IDs follow ATT&CK v6; in later versions T1060 was folded into T1547.001 (Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder) and T1089 into T1562.001 (Impair Defenses: Disable or Modify Tools), so translate them before correlating with current detection content.
