Overview

overview

10

Static

static

good.good.dll

windows7_x64

10

good.good.dll

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    good.good

  • Size

    971KB

  • Sample

    211108-2fynlsacbq

  • MD5

    03c42af7cb662d618f9eb21a051efeab

  • SHA1

    95056478caa0c448b52a73a3896b8c3e6e2fbd02

  • SHA256

    43074ef8cd5c2c859b6d21fae25431101872d7f9e79acc9f16f04e7cd64be9b8

  • SHA512

    dc544ac48a1dad4ec557456a073b7ca551ce42c2d12e80ff3fc1b709bdeaaf02d46dad3b13070133a1f5cd06c100d7e4bc4d10a9fe5bf3b74ca73c2fc54aec1b

Score
10/10
qakbottr1635953596bankerstealertrojan

Malware Config

Extracted

Family

qakbot

Version

402.388

Botnet

tr

Campaign

1635953596

C2

190.73.3.148:2222

109.177.30.138:995

181.99.138.132:465

109.228.255.59:443

94.200.181.154:443

103.150.40.76:995

216.238.71.31:443

216.238.72.121:443

216.238.72.121:995

216.238.71.31:995

177.172.5.228:995

201.172.31.95:80

67.165.206.193:993

50.194.160.233:32100

92.59.35.196:2222

89.101.97.139:443

176.35.109.202:2222

140.82.49.12:443

109.133.93.127:995

71.13.93.154:2222
Attributes
  • salt

    jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

    • Target

      good.good

    • Size

      971KB

    • MD5

      03c42af7cb662d618f9eb21a051efeab

    • SHA1

      95056478caa0c448b52a73a3896b8c3e6e2fbd02

    • SHA256

      43074ef8cd5c2c859b6d21fae25431101872d7f9e79acc9f16f04e7cd64be9b8

    • SHA512

      dc544ac48a1dad4ec557456a073b7ca551ce42c2d12e80ff3fc1b709bdeaaf02d46dad3b13070133a1f5cd06c100d7e4bc4d10a9fe5bf3b74ca73c2fc54aec1b

    Score
    10/10
    qakbottr1635953596bankerstealertrojan
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks