Overview

overview

10

Static

static

9

c4fdcedbc8...fd.exe

windows7_x64

10

c4fdcedbc8...fd.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c4fdcedbc848cab368655e7e4effba88992cc0681e98bf2c3680143ba16e15fd

  • Size

    2.0MB

  • Sample

    210509-68ak7h9dzn

  • MD5

    7a9f7a8fbd67d10a6b9b1c0cc6cfe226

  • SHA1

    73153e1020a8bdbeecba1095fe51e39f76e0735c

  • SHA256

    c4fdcedbc848cab368655e7e4effba88992cc0681e98bf2c3680143ba16e15fd

  • SHA512

    61269ee40192dde985946e80be867ff74d7947bcf8fdffe89f432e7667daf9198922dfdce72ea97ef1d9a30debf668ff7ce3fb20363d4b39f96ae365f02879c6

Score
10/10
qakbotnotset1588272001bankercryptonepackerstealertrojan

Malware Config

Extracted

Family

qakbot

Version

324.136

Botnet

notset

Campaign

1588272001

Credentials

  • Protocol:     ftp
  • Host:
    192.185.5.208
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    NxdkxAp4dUsY

  • Protocol:     ftp
  • Host:
    162.241.218.118
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    EcOV0DyGVgVN

  • Protocol:     ftp
  • Host:
    69.89.31.139
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    fcR7OvyLrMW6!

  • Protocol:     ftp
  • Host:
    169.207.67.14
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    eQyicNLzzqPN
C2

68.204.164.222:443

47.37.91.78:443

71.10.43.79:443

98.148.177.77:443

212.126.109.14:443

104.235.110.184:443

86.22.41.176:443

5.13.110.111:443

68.206.128.206:2222

207.255.94.98:443

89.137.162.193:443

201.127.117.215:443

89.137.62.72:443

72.204.242.138:443

46.214.136.243:443

86.123.130.104:443

80.14.209.42:2222

134.19.208.152:443

78.96.190.54:443

5.12.133.77:443

Targets

    • Target

      c4fdcedbc848cab368655e7e4effba88992cc0681e98bf2c3680143ba16e15fd

    • Size

      2.0MB

    • MD5

      7a9f7a8fbd67d10a6b9b1c0cc6cfe226

    • SHA1

      73153e1020a8bdbeecba1095fe51e39f76e0735c

    • SHA256

      c4fdcedbc848cab368655e7e4effba88992cc0681e98bf2c3680143ba16e15fd

    • SHA512

      61269ee40192dde985946e80be867ff74d7947bcf8fdffe89f432e7667daf9198922dfdce72ea97ef1d9a30debf668ff7ce3fb20363d4b39f96ae365f02879c6

    Score
    10/10
    qakbotnotset1588272001bankerstealertrojan
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2
T1082

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

Remote System Discovery

1
T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks