General

  • Target: 10.bin
  • Size: 781KB
  • Sample: 191111-m8tm8zqbrs
  • MD5: 6f7a49f77bdfb75460ccdebb8367c744
  • SHA1: e846a9a59c3a8fbb161604198e46154010c7d5b0
  • SHA256: 256967605423fea1e00368078eea1cdb52d391aa0091e0798db797ab337d1567
  • SHA512: a51436708457239de459f7ffa3f823cb6a250ce1cce6b9d3513748e22be9f70fd3dda74888b73fecb268d04ef91a7b8e130e74b13e48c352df0d28fb3b567dd6

Malware Config

Extracted

  • Family: qakbot
  • Campaign: 1573023013

C2

MITRE ATT&CK Matrix (ATT&CK v6)

Persistence

  • Registry Run Keys / Startup Folder (T1060): 1

Defense Evasion

  • Disabling Security Tools (T1089): 2
  • Modify Registry (T1112): 3

Discovery

  • Remote System Discovery (T1018): 1
  • Query Registry (T1012): 3
  • Peripheral Device Discovery (T1120): 1
  • System Information Discovery (T1082): 2

Tasks