General

  • Target

    qbot.dll

  • Size

    122KB

  • Sample

    210930-pwejfshgb8

  • MD5

    a5dcdbdb1abbef742aa36ddebb0c6d51

  • SHA1

    561aca2323832aae28dd32a0e62e2744e88986d0

  • SHA256

    975affa2e1b7ca4098fb26f48e8de509553c54c322f01ac00af13f42cb213920

  • SHA512

    b1790a9cf0ed1291a004676b7b2fb5b59b87b13209c67c431c87edb70eae0ff12542a7e1fdcc8199c7d1a740db3da91969e50f64225d8e57b5faa921e39d7e28

Malware Config

Extracted

Family

qakbot

Version

402.363

Botnet

tr

Campaign

1632817399

C2

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution

    Scheduled Task (T1053): 1

  • Persistence

    Scheduled Task (T1053): 1

  • Privilege Escalation

    Scheduled Task (T1053): 1

  • Defense Evasion

    Disabling Security Tools (T1089): 1

    Modify Registry (T1112): 1

Tasks