Overview

overview

10

Static

static

5072be7079...0a.dll

windows7_x64

10

5072be7079...0a.dll

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5072be7079f30918f15012580dece0565d1b25bcbf522d8f38b60ac85dec3f0a

  • Size

    1.3MB

  • Sample

    210415-x2avdmetsx

  • MD5

    0c545d752e564333c32c60cfaaf3e659

  • SHA1

    b6975c2f56cbe0a69f1f5d69dca48eef051bc298

  • SHA256

    5072be7079f30918f15012580dece0565d1b25bcbf522d8f38b60ac85dec3f0a

  • SHA512

    943f72520e59fe41a7e56df8d6b92e99823dc2c5bf6daaacd9f72e26a5ae37afefb05a0e5e5c39551e8955633bfa3bf64ad75215a211ba11873928a2726ee810

Score
10/10
qakbottr1618225074bankerstealertrojan

Malware Config

Extracted

Family

qakbot

Botnet

tr

Campaign

1618225074

C2

197.45.110.165:995

216.201.162.158:443

71.74.12.34:443

45.63.107.192:2222

149.28.101.90:2222

45.32.211.207:443

45.32.211.207:995

45.32.211.207:8443

45.32.211.207:2222

149.28.99.97:995

149.28.98.196:443

149.28.101.90:443

149.28.101.90:8443

207.246.77.75:2222

207.246.116.237:443

207.246.116.237:995

207.246.116.237:2222

45.77.117.108:995

149.28.99.97:443

45.63.107.192:443

Targets

    • Target

      5072be7079f30918f15012580dece0565d1b25bcbf522d8f38b60ac85dec3f0a

    • Size

      1.3MB

    • MD5

      0c545d752e564333c32c60cfaaf3e659

    • SHA1

      b6975c2f56cbe0a69f1f5d69dca48eef051bc298

    • SHA256

      5072be7079f30918f15012580dece0565d1b25bcbf522d8f38b60ac85dec3f0a

    • SHA512

      943f72520e59fe41a7e56df8d6b92e99823dc2c5bf6daaacd9f72e26a5ae37afefb05a0e5e5c39551e8955633bfa3bf64ad75215a211ba11873928a2726ee810

    Score
    10/10
    qakbottr1618225074bankerstealertrojan
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks