Overview

overview

10

Static

static

1.dat.dll

windows7_x64

10

1.dat.dll

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1.dat

  • Size

    905KB

  • Sample

    211015-r1bz8sbag5

  • MD5

    dbf66cf845c6af2445cb611215c84282

  • SHA1

    ae1c4b5d117e57bf8d541edab0e0bd100db07ea1

  • SHA256

    7cd8216e129493641bbe7f573b13425bcf52923bad83ee532abd66fed293d9fc

  • SHA512

    300c569c6221b7d24ecee114d9cee1a7f9f6873de2ba21cf41f115f2e456a81b7348b584c1d5c442b5bfa3624538f16e3f9e7f756158a302f12187f657c984b7

Score
10/10
qakbotobama1161634289383bankerevasionstealertrojan

Malware Config

Extracted

Family

qakbot

Version

402.363

Botnet

obama116

Campaign

1634289383

C2

41.228.22.180:443

188.55.249.239:995

120.150.218.241:995

37.117.191.19:2222

68.204.7.158:443

81.241.252.59:2078

196.207.140.40:995

174.54.193.186:443

63.143.92.99:995

197.89.144.200:443

86.220.112.26:2222

73.52.50.32:443

103.82.211.39:465

146.66.238.74:443

167.248.117.81:443

2.222.167.138:443

181.118.183.94:443

103.82.211.39:995

78.179.137.102:995

89.137.52.44:443
Attributes
  • salt

    jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

    • Target

      1.dat

    • Size

      905KB

    • MD5

      dbf66cf845c6af2445cb611215c84282

    • SHA1

      ae1c4b5d117e57bf8d541edab0e0bd100db07ea1

    • SHA256

      7cd8216e129493641bbe7f573b13425bcf52923bad83ee532abd66fed293d9fc

    • SHA512

      300c569c6221b7d24ecee114d9cee1a7f9f6873de2ba21cf41f115f2e456a81b7348b584c1d5c442b5bfa3624538f16e3f9e7f756158a302f12187f657c984b7

    Score
    10/10
    qakbotobama1161634289383bankerevasionstealertrojan
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Disabling Security Tools

1
T1089

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks