Overview

overview

10

Static

static

cbe2f650ed...72.dll

windows7_x64

10

cbe2f650ed...72.dll

windows10_x64

10

Analysis

  • max time kernel
    9s
  • max time network
    9s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    26-02-2021 14:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cbe2f650ed2c319130bc060a600c4b9d17d255d319b24fac10da293c673b3572.dll

  • Size

    801KB

  • MD5

    67bdb286d03b8b4760e792b29c5fd6a1

  • SHA1

    c722600b1355bbcfa06bd727be9ddc93c2664d8b

  • SHA256

    cbe2f650ed2c319130bc060a600c4b9d17d255d319b24fac10da293c673b3572

  • SHA512

    8a034c67c7d9be3b51930440af939f9b014548d2599535930df18fc81e1bb114cbdadcfc86cf68e6d4ed8818633ced871fe252d0a242b5387d082b185008b4ed

Score
10/10
qakbotbiden021614254614bankerstealertrojan

Malware Config

Extracted

Family

qakbot

Botnet

biden02

Campaign

1614254614

C2

71.163.223.159:443

83.110.9.71:2222

87.202.87.210:2222

47.22.148.6:443

78.180.179.136:443

67.8.103.21:443

140.82.49.12:443

213.60.147.140:443

187.250.39.162:443

86.236.77.68:2222

108.46.145.30:443

172.87.157.235:3389

79.115.174.55:443

217.133.54.140:32100

83.110.109.106:2222

78.63.226.32:443

83.196.56.65:2222

59.90.246.200:443

89.137.211.239:995

105.96.8.96:443

Signatures

  • Qakbot/Qbot

    Qbot or Qakbot is a sophisticated worm with banking capabilities.

    trojanbankerstealerqakbot
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\cbe2f650ed2c319130bc060a600c4b9d17d255d319b24fac10da293c673b3572.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1040
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\cbe2f650ed2c319130bc060a600c4b9d17d255d319b24fac10da293c673b3572.dll,#1
      2⤵
        PID:1740

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1740-2-0x0000000000000000-mapping.dmp

      Download

    • memory/1740-3-0x0000000076311000-0x0000000076313000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1740-4-0x0000000000160000-0x0000000000161000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1740-5-0x00000000002D0000-0x0000000000304000-memory.dmp

      Filesize

      208KB

      Download

    • memory/1740-6-0x0000000000540000-0x0000000000575000-memory.dmp

      Filesize

      212KB

      Download