Overview

overview

10

Static

static

50ea1fcec3...in.dll

windows7_x64

10

50ea1fcec3...in.dll

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    50ea1fcec3f6a9dcbd9e9abb24e0b38483f76c4c33a940d42fd089c8cb3446ea.bin

  • Size

    280KB

  • Sample

    210628-yxzk4srbs2

  • MD5

    9ee2257281771e30d8cbbd1d672c9265

  • SHA1

    b31b6320e924cae0eb0cc47302cfa524fe855c05

  • SHA256

    50ea1fcec3f6a9dcbd9e9abb24e0b38483f76c4c33a940d42fd089c8cb3446ea

  • SHA512

    3cc0803ef914807221069927afda61245d98d00990cc0ea3cdee07b61ff7a501467177083d9bef3f20dc3a0a1cbf36904e4cc2a4c3e701680bdc3ac03ba8df51

Score
10/10
qakbotobama641624560446bankerstealertrojan

Malware Config

Extracted

Family

qakbot

Version

402.115

Botnet

obama64

Campaign

1624560446

C2

140.82.49.12:443

81.214.126.173:2222

75.67.192.125:443

216.201.162.158:443

76.25.142.196:443

68.186.192.69:443

95.77.223.148:443

97.69.160.4:2222

71.41.184.10:3389

184.185.103.157:443

189.210.115.207:443

24.179.77.236:443

73.151.236.31:443

188.26.180.140:443

213.122.113.120:443

75.137.47.174:443

197.45.110.165:995

72.240.200.181:2222

75.188.35.168:443

173.21.10.71:2222

Targets

    • Target

      50ea1fcec3f6a9dcbd9e9abb24e0b38483f76c4c33a940d42fd089c8cb3446ea.bin

    • Size

      280KB

    • MD5

      9ee2257281771e30d8cbbd1d672c9265

    • SHA1

      b31b6320e924cae0eb0cc47302cfa524fe855c05

    • SHA256

      50ea1fcec3f6a9dcbd9e9abb24e0b38483f76c4c33a940d42fd089c8cb3446ea

    • SHA512

      3cc0803ef914807221069927afda61245d98d00990cc0ea3cdee07b61ff7a501467177083d9bef3f20dc3a0a1cbf36904e4cc2a4c3e701680bdc3ac03ba8df51

    Score
    10/10
    qakbotobama641624560446bankerstealertrojan
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks