Overview

overview

10

Static

static

56b00d4f0f...b8.dll

windows7_x64

10

56b00d4f0f...b8.dll

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    56b00d4f0f4024914cf657ba675f25ec515f43f13471fa065bf5fa46a5cf1db8

  • Size

    797KB

  • Sample

    210505-yfph67k7ka

  • MD5

    dace8bbca42cf566dce5d245ac318ec9

  • SHA1

    47f3abda0722563785f917e646d464cc70dfa71f

  • SHA256

    56b00d4f0f4024914cf657ba675f25ec515f43f13471fa065bf5fa46a5cf1db8

  • SHA512

    45fef915cbaa3b0bea68e22316ab1c8d3bd77263bad5c14b2910793da5676b033b34f00637937089819dcfa05de4453932cb0fee22d1386537abb5cb6bf1a4de

Score
10/10
qakbotobama321618995682bankerstealertrojan

Malware Config

Extracted

Family

qakbot

Version

402.12

Botnet

obama32

Campaign

1618995682

C2

190.85.91.154:443

140.82.49.12:443

96.37.113.36:993

73.25.124.140:2222

71.41.184.10:3389

50.244.112.106:443

78.63.226.32:443

24.152.219.253:995

105.198.236.99:443

149.28.101.90:8443

149.28.101.90:443

149.28.101.90:2222

45.77.115.208:8443

207.246.77.75:8443

207.246.77.75:2222

207.246.116.237:2222

45.77.117.108:995

144.202.38.185:2222

207.246.77.75:995

207.246.77.75:443

Targets

    • Target

      56b00d4f0f4024914cf657ba675f25ec515f43f13471fa065bf5fa46a5cf1db8

    • Size

      797KB

    • MD5

      dace8bbca42cf566dce5d245ac318ec9

    • SHA1

      47f3abda0722563785f917e646d464cc70dfa71f

    • SHA256

      56b00d4f0f4024914cf657ba675f25ec515f43f13471fa065bf5fa46a5cf1db8

    • SHA512

      45fef915cbaa3b0bea68e22316ab1c8d3bd77263bad5c14b2910793da5676b033b34f00637937089819dcfa05de4453932cb0fee22d1386537abb5cb6bf1a4de

    Score
    10/10
    qakbotobama321618995682bankerstealertrojan
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks