General

  • Target

    another_dll.dll

  • Size

    263KB

  • Sample

    211010-hgtw9sffc9

  • MD5

    660a42ba7aa190de6de83e577e691b41

  • SHA1

    987d0ea16d3ee9f434be471020ad301bde6853e6

  • SHA256

    1c61d76eea89db878348b2de168304396cbe5d404f503a423ed05ae7e7598354

  • SHA512

    cedf73578bf9d4e91f5d1b9dd1da2c1cfebdf8b468106821996cf61326079096e8373d0085b35cc1668d09e27d8f44d1994ff61b51bbd8e304f4d07305452f86

Malware Config

Extracted

Family

qakbot

Version

402.363

Botnet

obama107

Campaign

1633078880

C2

MITRE ATT&CK Matrix ATT&CK v6

Execution

  • Scheduled Task (T1053): 1

Persistence

  • Scheduled Task (T1053): 1

Privilege Escalation

  • Scheduled Task (T1053): 1

Defense Evasion

  • Disabling Security Tools (T1089): 1

  • Modify Registry (T1112): 1

Tasks