Overview

overview

10

Static

static

f47d4cc0fd...97.dll

windows7_x64

10

f47d4cc0fd...97.dll

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f47d4cc0fd011a1f8a74ced31d693742378f2ccb6b3d0b6b8d322cd31e62f897

  • Size

    793KB

  • Sample

    210423-j1v8ty7mka

  • MD5

    8656dfe70a79dd6513cdd5e9f5294d57

  • SHA1

    c7a846026a3f87a5b48c9316ae17e1888e7af5ed

  • SHA256

    f47d4cc0fd011a1f8a74ced31d693742378f2ccb6b3d0b6b8d322cd31e62f897

  • SHA512

    83f4f85137aa8fb1a0a868c90db7906603536777956f8686dec952c93a9f10bcc994d21601c0ab67ec8e7c0abb0aa369fa43acb1b41fe18d5d0b3e71f57406bf

Score
10/10
qakbotclinton081618995832bankerstealertrojan

Malware Config

Extracted

Family

qakbot

Version

402.12

Botnet

clinton08

Campaign

1618995832

C2

190.85.91.154:443

140.82.49.12:443

96.37.113.36:993

73.25.124.140:2222

71.41.184.10:3389

50.244.112.106:443

78.63.226.32:443

24.152.219.253:995

105.198.236.99:443

149.28.101.90:8443

149.28.101.90:443

149.28.101.90:2222

45.77.115.208:8443

207.246.77.75:8443

207.246.77.75:2222

207.246.116.237:2222

45.77.117.108:995

144.202.38.185:2222

207.246.77.75:995

207.246.77.75:443

Targets

    • Target

      f47d4cc0fd011a1f8a74ced31d693742378f2ccb6b3d0b6b8d322cd31e62f897

    • Size

      793KB

    • MD5

      8656dfe70a79dd6513cdd5e9f5294d57

    • SHA1

      c7a846026a3f87a5b48c9316ae17e1888e7af5ed

    • SHA256

      f47d4cc0fd011a1f8a74ced31d693742378f2ccb6b3d0b6b8d322cd31e62f897

    • SHA512

      83f4f85137aa8fb1a0a868c90db7906603536777956f8686dec952c93a9f10bcc994d21601c0ab67ec8e7c0abb0aa369fa43acb1b41fe18d5d0b3e71f57406bf

    Score
    10/10
    qakbotclinton081618995832bankerstealertrojan
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks