Overview

overview

10

Static

static

44351.7355...at.dll

windows7_x64

10

44351.7355...at.dll

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    44351.7355255787.dat

  • Size

    378KB

  • Sample

    210927-rxr72shca6

  • MD5

    f84f4afdf87d8ca3e8b72f8283514143

  • SHA1

    e8851df38788d0c3e24f6a414b05e15de57fabff

  • SHA256

    52f818ae518c008f0139fe006ba139239db225d8d67816274d9ad3efb4bc81ca

  • SHA512

    a3ca3b3c198e0582cca739f72f1e01f5bcd643fb268c1b529315e430e8f440296c7cd7bcac427b470510e84262715b44f81b0ce31e703a362eb6083576cf2618

Score
10/10
qakbotobama1041632729661bankerevasionstealertrojan

Malware Config

Extracted

Family

qakbot

Version

402.343

Botnet

obama104

Campaign

1632729661

C2

95.77.223.148:443

47.22.148.6:443

89.101.97.139:443

27.223.92.142:995

120.151.47.189:443

136.232.34.70:443

120.150.218.241:995

185.250.148.74:443

181.118.183.94:443

140.82.49.12:443

67.165.206.193:993

103.148.120.144:443

71.74.12.34:443

76.25.142.196:443

73.151.236.31:443

173.21.10.71:2222

75.188.35.168:443

2.178.88.145:61202

71.80.168.245:443

45.46.53.140:2222

Targets

    • Target

      44351.7355255787.dat

    • Size

      378KB

    • MD5

      f84f4afdf87d8ca3e8b72f8283514143

    • SHA1

      e8851df38788d0c3e24f6a414b05e15de57fabff

    • SHA256

      52f818ae518c008f0139fe006ba139239db225d8d67816274d9ad3efb4bc81ca

    • SHA512

      a3ca3b3c198e0582cca739f72f1e01f5bcd643fb268c1b529315e430e8f440296c7cd7bcac427b470510e84262715b44f81b0ce31e703a362eb6083576cf2618

    Score
    10/10
    qakbotobama1041632729661bankerevasionstealertrojan
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Disabling Security Tools

1
T1089

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks