md.dll

General

Target: md.dll
Size: 2MB
Sample: 210215-qzqcaj7jhn
Score: 10/10
MD5: 04416cf8bf1c7d31a606edff765529df
SHA1: bb6abc451db164e17a5dd030b355b309c219623d
SHA256: 5094e17105845238a6a2aaf54cd6769733032009a9ddd24e8af046837c1c12e6
SHA512: 348e86e7efa139f90fe71b751d476aa0ea6e83cc0cc37f9d18b4d9ebc0d37a47bafc4d911a603457bd6d36b7ed323520b11df06edb69605c961c721037628317

Malware Config

Extracted

Family: qakbot
Botnet: domain02
Campaign: 1606721866 (Qakbot campaign IDs are Unix epoch timestamps; this one decodes to 2020-11-30 07:37:46 UTC)
C2 (50 endpoints, ip:port; Qakbot's first-tier C2s are themselves infected hosts, so expect this list to churn):

106.51.52.111:443
2.88.53.159:995
89.33.87.107:443
185.105.131.233:443
175.137.119.141:443
197.161.154.132:443
39.32.125.15:995
217.133.54.140:32100
118.70.55.146:443
86.97.221.121:443
194.243.78.225:443
87.27.110.90:2222
196.151.252.84:443
5.15.30.56:443
85.121.42.12:443
90.23.117.67:2222
197.45.110.165:995
86.99.134.235:2222
59.96.165.120:443
174.76.21.134:443
208.99.100.129:443
86.126.198.195:443
80.106.85.24:2222
85.132.36.111:2222
105.198.236.101:443
2.49.219.254:22
83.196.50.197:2222
98.115.243.237:443
104.37.20.207:995
189.150.40.192:2222
200.75.136.78:443
72.183.129.56:443
92.154.83.96:2222
70.124.29.226:443
37.21.231.245:995
199.116.241.147:443
50.60.166.59:995
47.22.148.6:443
116.240.78.45:995
213.67.45.195:2222
73.166.10.38:995
94.52.160.116:443
47.44.217.98:443
73.51.245.231:995
174.29.203.226:993
178.222.114.132:995
173.197.22.90:2222
76.181.122.120:443
166.62.183.139:2078
108.160.123.244:443
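
The extracted config above is only useful once it is turned into something a network can act on. The Python below is an added example, not part of the sandbox report: it parses the Family/Botnet/Campaign/C2 block exactly as it appears on this page (the embedded text is copied from the page, packed several endpoints per line), rejects malformed entries instead of silently dropping them, decodes the campaign ID as a Unix timestamp, summarises the C2 port mix, and emits one Suricata rule per endpoint plus a deduplicated IP blocklist. The `sid` range is an assumption; pick one from your own local range before deploying.

```python
"""Triage helpers for the Qakbot config extracted above (added example)."""
from collections import Counter
from datetime import datetime, timezone
import ipaddress

# Constructed input: the Family/Botnet/Campaign/C2 block copied from the
# extracted config on this page. The 50 C2 endpoints are packed several per
# line; the parser splits on whitespace, so the packing does not matter.
EXTRACTED_CONFIG = """
Family qakbot
Botnet domain02
Campaign 1606721866
C2
106.51.52.111:443 2.88.53.159:995 89.33.87.107:443 185.105.131.233:443
175.137.119.141:443 197.161.154.132:443 39.32.125.15:995 217.133.54.140:32100
118.70.55.146:443 86.97.221.121:443 194.243.78.225:443 87.27.110.90:2222
196.151.252.84:443 5.15.30.56:443 85.121.42.12:443 90.23.117.67:2222
197.45.110.165:995 86.99.134.235:2222 59.96.165.120:443 174.76.21.134:443
208.99.100.129:443 86.126.198.195:443 80.106.85.24:2222 85.132.36.111:2222
105.198.236.101:443 2.49.219.254:22 83.196.50.197:2222 98.115.243.237:443
104.37.20.207:995 189.150.40.192:2222 200.75.136.78:443 72.183.129.56:443
92.154.83.96:2222 70.124.29.226:443 37.21.231.245:995 199.116.241.147:443
50.60.166.59:995 47.22.148.6:443 116.240.78.45:995 213.67.45.195:2222
73.166.10.38:995 94.52.160.116:443 47.44.217.98:443 73.51.245.231:995
174.29.203.226:993 178.222.114.132:995 173.197.22.90:2222 76.181.122.120:443
166.62.183.139:2078 108.160.123.244:443
"""


def parse_config(text):
    """Parse the sandbox's key/value dump into a dict. C2 entries become
    (ip, port) tuples; a malformed IP or port raises rather than being
    skipped, so a garbled extraction cannot silently lose an indicator."""
    cfg = {"c2": []}
    in_c2 = False
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if in_c2:
            for token in line.split():
                host, _, port = token.rpartition(":")
                ip = ipaddress.ip_address(host)  # raises ValueError on junk
                port = int(port)
                if not 1 <= port <= 65535:
                    raise ValueError(f"bad port in {token!r}")
                cfg["c2"].append((str(ip), port))
            continue
        key, _, value = line.partition(" ")
        if key == "C2":
            in_c2 = True  # everything after this header is an endpoint
        elif key == "Campaign":
            cfg["campaign"] = int(value)
        else:
            cfg[key.lower()] = value
    return cfg


def campaign_time(campaign_id):
    """Qakbot campaign IDs are the Unix epoch of the campaign build; decode
    to UTC so the C2 list can be dated and aged out."""
    return datetime.fromtimestamp(campaign_id, tz=timezone.utc)


def port_histogram(c2):
    """Which ports the botnet is using this campaign (443/995/2222 dominate)."""
    return Counter(port for _, port in c2)


def suricata_rules(cfg, base_sid=9000000):
    """One alert per C2 endpoint. base_sid is an assumed local sid range."""
    tag = f"{cfg['family']} {cfg['botnet']} campaign {cfg['campaign']}"
    return [
        f"alert tcp $HOME_NET any -> {ip} {port} "
        f'(msg:"{tag} C2 connect"; flow:to_server; '
        f"classtype:trojan-activity; sid:{base_sid + i}; rev:1;)"
        for i, (ip, port) in enumerate(cfg["c2"])
    ]


def ip_blocklist(cfg):
    """Deduplicated, numerically sorted IPs for a firewall or DNS RPZ feed."""
    return sorted({ip for ip, _ in cfg["c2"]}, key=ipaddress.ip_address)


if __name__ == "__main__":
    cfg = parse_config(EXTRACTED_CONFIG)
    built = campaign_time(cfg["campaign"])
    print(f"{cfg['family']} / {cfg['botnet']} built {built:%Y-%m-%d %H:%M:%S %Z}")
    print("C2 ports:", dict(port_histogram(cfg["c2"])))
    print("\n".join(suricata_rules(cfg)[:3]), "\n...")
    print(len(ip_blocklist(cfg)), "IPs for blocklist")
```

Because the first-tier C2s are compromised residential hosts, date the rules with the decoded campaign time and retire them on a schedule; a stale Qakbot IP list generates false positives against whoever gets that address next.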

Targets

Target: md.dll
Filesize: 2MB
Score: 10/10
MD5: 04416cf8bf1c7d31a606edff765529df
SHA1: bb6abc451db164e17a5dd030b355b309c219623d
SHA256: 5094e17105845238a6a2aaf54cd6769733032009a9ddd24e8af046837c1c12e6
SHA512: 348e86e7efa139f90fe71b751d476aa0ea6e83cc0cc37f9d18b4d9ebc0d37a47bafc4d911a603457bd6d36b7ed323520b11df06edb69605c961c721037628317

Signatures

  • Qakbot/Qbot

    Description

    Qakbot (also Qbot) is a banking trojan and modular loader with worm-like capabilities for spreading across a network.

  • Loads dropped DLL

MITRE ATT&CK Matrix

Tactic columns (no techniques are populated on this page): Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation