Mitigating and eliminating info-stealing Qakbot and Emotet in corporate networks - Microsoft Security Blog
Tags
Common Information
| Type | Value |
|---|---|
| UUID | c9fc4199-c25a-4764-a83a-03a44be49d6d |
| Fingerprint | 949009390df60adb |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Nov. 6, 2017, 5:45 a.m. |
| Added to db | Sept. 26, 2022, 9:30 a.m. |
| Last updated | Nov. 18, 2024, 4:35 a.m. |
| Headline | Mitigating and eliminating info-stealing Qakbot and Emotet in corporate networks |
| Title | Mitigating and eliminating info-stealing Qakbot and Emotet in corporate networks - Microsoft Security Blog |
| Detected Hints/Tags/Attributes | 60/2/57 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 273 | outlook.com |
|
| Details | File | 1 | %appdata%\microsoft\cexpalgxx\cexpalgxx.exe |
|
| Details | File | 1 | %appdata%\microsoft\cexpalgxx\cexpalgxx32.dll |
|
| Details | File | 63 | ctfmon.exe |
|
| Details | File | 1 | %localappdata%\microsoft\windows ex: c:\windows\system32\netshedule.exe |
|
| Details | File | 1 | c:\windows\system32\netshedule.exe |
|
| Details | sha256 | 1 | da00823090dae3dae452ddc8a4c2a3c087389b4aacf1f0c12d13c83c9fcaef9c |
|
| Details | sha256 | 1 | ca2d536b91b15e7fc44ec93bbed1f0f46ae65c723b8a4823253a2a91b8241f9a |
|
| Details | sha256 | 1 | 4ce5366c7eef1fff1260d5d7a0aec72c1246621838bf8df07f4a6ab3e5369d96 |
|
| Details | sha256 | 1 | ffcb204da3ff72d268c8ac065c2e7cce5c65fafc2f549d92d0c280c6099bd440 |
|
| Details | sha256 | 1 | 59639027a7fd487295bad10db896528ea223684e6595cae4ce9a0bec8d809087 |
|
| Details | IPv4 | 1 | 64.183.173.170 |
|
| Details | IPv4 | 1 | 67.213.243.228 |
|
| Details | IPv4 | 1 | 96.67.244.225 |
|
| Details | IPv4 | 1 | 173.25.234.18 |
|
| Details | IPv4 | 1 | 24.123.151.58 |
|
| Details | IPv4 | 2 | 76.164.161.46 |
|
| Details | IPv4 | 1 | 68.115.254.146 |
|
| Details | IPv4 | 1 | 198.57.88.73 |
|
| Details | IPv4 | 1 | 47.21.79.34 |
|
| Details | IPv4 | 1 | 174.51.185.121 |
|
| Details | IPv4 | 1 | 71.3.55.80 |
|
| Details | IPv4 | 1 | 88.244.177.127 |
|
| Details | IPv4 | 1 | 180.93.148.41 |
|
| Details | IPv4 | 1 | 101.51.40.175 |
|
| Details | IPv4 | 1 | 73.166.94.110 |
|
| Details | IPv4 | 1 | 71.88.202.122 |
|
| Details | IPv4 | 1 | 74.5.136.50 |
|
| Details | IPv4 | 1 | 89.43.179.209 |
|
| Details | IPv4 | 1 | 211.27.18.233 |
|
| Details | IPv4 | 1 | 96.82.91.67 |
|
| Details | IPv4 | 1 | 98.194.132.179 |
|
| Details | IPv4 | 1 | 98.113.137.220 |
|
| Details | IPv4 | 1 | 24.184.200.177 |
|
| Details | IPv4 | 1 | 105.224.247.34 |
|
| Details | IPv4 | 1 | 104.236.252.178 |
|
| Details | IPv4 | 1 | 162.243.159.58 |
|
| Details | IPv4 | 1 | 45.33.55.157 |
|
| Details | IPv4 | 1 | 77.244.245.37 |
|
| Details | IPv4 | 1 | 192.81.212.79 |
|
| Details | IPv4 | 1 | 173.212.192.45 |
|
| Details | IPv4 | 1 | 103.16.131.20 |
|
| Details | IPv4 | 1 | 195.78.33.200 |
|
| Details | IPv4 | 1 | 50.116.54.16 |
|
| Details | IPv4 | 2 | 212.83.166.45 |
|
| Details | IPv4 | 1 | 137.74.254.64 |
|
| Details | IPv4 | 1 | 104.227.137.34 |
|
| Details | IPv4 | 3 | 188.165.220.214 |
|
| Details | IPv4 | 2 | 85.143.221.180 |
|
| Details | IPv4 | 2 | 119.82.27.246 |
|
| Details | IPv4 | 2 | 194.88.246.7 |
|
| Details | IPv4 | 2 | 206.214.220.79 |
|
| Details | IPv4 | 1 | 173.230.136.67 |
|
| Details | IPv4 | 1 | 173.224.218.25 |
|
| Details | Windows Registry Key | 188 | HKCU\Software\Microsoft\Windows\CurrentVersion\Run |
|
| Details | Windows Registry Key | 7 | HKLM\SYSTEM\CurrentControlSet\services |
|
| Details | Windows Registry Key | 1 | HKLM\SYSTEM\ControlSet001\services\netshedule |