Resubmissions

28-09-2021 20:53

210928-zpnhwsdber 10

27-09-2021 12:01

210927-n666saggg2 10

General

  • Target

    qjnndpxjfqujk.dll

  • Size

    489KB

  • Sample

    210928-zpnhwsdber

  • MD5

    2c7fe65874005a9f4d3e455ad1a8547b

  • SHA1

    e5c78ee1be97d61ea6acff4e3d433577b2fab96c

  • SHA256

    46be6fc385ff5dbeb439bf46ec27f868034f499a49524120a7692a1170469c91

  • SHA512

    ac8b0cc51c9f54401de36c3101c245d678c85c3d04f2356bf7403f3fc511a356d11f66df6fd76d9f7f5e73a7c95c1f1e13298a7cd07383c2fed675d611970207

Malware Config

Extracted

Family

qakbot

Version

402.343

Botnet

notset

Campaign

1632476965

C2

Targets

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Windows security bypass

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v6

Execution: Scheduled Task (1) T1053

Persistence: Scheduled Task (1) T1053

Privilege Escalation: Scheduled Task (1) T1053

Defense Evasion: Disabling Security Tools (1) T1089; Modify Registry (1) T1112

Discovery: Query Registry (2) T1012; System Information Discovery (2) T1082

Tasks