General

  • Target: dbc1c772413a6d461d8c5db0d1b2538d9879c3f6890c8be34fe9723b5817909f.bin
  • Size: 2.0MB
  • Sample: 201213-nynflzjg5j
  • MD5: 8cedb99f2453ecc7bb0f9bfc941f24f1
  • SHA1: 40a4d16171d53f62d72317a5f717639df6dd0729
  • SHA256: dbc1c772413a6d461d8c5db0d1b2538d9879c3f6890c8be34fe9723b5817909f
  • SHA512: 51c21a7d16291c017577a22bf5ad930b2780f8dae81b1ccf190f631443df0d353237761bb8213cec5ed46a1aa36633ea57a95d0e56a338c89246d29d22d6388b

Malware Config

Extracted

  • Family: qakbot
  • Botnet: tr02
  • Campaign: 1607427512
  • C2:
    73.32.115.251:443
    161.199.180.159:443
    185.163.221.77:2222
    197.161.154.132:443
    105.198.236.99:443
    83.196.50.197:2222
    96.225.88.23:443
    156.222.27.207:995
    81.214.126.173:2222
    83.110.13.182:2222
    85.121.42.12:443
    67.82.244.199:2222
    172.87.157.235:3389
    86.176.133.145:2222
    72.186.1.237:443
    80.11.5.65:2222
    94.59.236.155:995
    81.150.181.168:2222
    184.98.97.227:995
    149.28.101.90:443

Targets

    • Target: dbc1c772413a6d461d8c5db0d1b2538d9879c3f6890c8be34fe9723b5817909f.bin

    • Qakbot/Qbot: Qbot or Qakbot is a sophisticated worm with banking capabilities.
    • ServiceHost packer: Detects ServiceHost packer used for .NET malware
    • Loads dropped DLL

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution: Scheduled Task (T1053), 1 match
  • Persistence: Scheduled Task (T1053), 1 match
  • Privilege Escalation: Scheduled Task (T1053), 1 match
  • Discovery: Query Registry (T1012), 1 match; Peripheral Device Discovery (T1120), 1 match; System Information Discovery (T1082), 1 match

Tasks