Resubmissions

  • 25-01-2022 11:49 — sample 220125-ny1zssfed9, score 10
  • 24-01-2022 17:16 — sample 220124-vs87jsfhc9, score 10
  • 24-01-2022 16:22 — sample 220124-tvkrasfec4, score 10

General

  • Target: ba7e9131dd5aa9f2e7e0050c688d2830787dd01e8d58aef364a878b61156b35b
  • Size: 1.6MB
  • Sample: 220125-ny1zssfed9
  • MD5: 6317f9ae495c49ab7b5e5b501a5639ef
  • SHA1: 2d49c0f32a441d09ddee7c3b2b019ae8904ea1e7
  • SHA256: ba7e9131dd5aa9f2e7e0050c688d2830787dd01e8d58aef364a878b61156b35b
  • SHA512: bd9c6df8b2d91959580c6227a990882625c029528c0e53a600de8f6cc970e95fbb26108f3ae7f1bc8ef18d2b4b429490ec4ae5f6935e47c6c44dbf06c21be4f1

Malware Config

Extracted

  • Family: qakbot
  • Version: 403.2
  • Botnet: obama152
  • Campaign: 1643019304
  • C2:
      96.80.109.57:995
      209.210.95.228:32100
      180.233.150.134:995
      149.135.101.20:443
      38.70.253.226:2222
      24.222.20.254:443
      83.110.2.97:443
      78.87.44.54:995
      86.108.46.251:443
      74.15.2.252:2222
      102.65.38.67:443
      37.203.225.248:443
      75.139.7.190:2083
      24.53.49.240:443
      80.14.196.176:2222
      94.60.254.81:443
      86.98.32.228:443
      130.164.129.3:443
      176.67.56.94:443
      31.167.160.170:443

Attributes

  • salt: jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

    • Target: ba7e9131dd5aa9f2e7e0050c688d2830787dd01e8d58aef364a878b61156b35b
    • Size: 1.6MB
    • MD5: 6317f9ae495c49ab7b5e5b501a5639ef
    • SHA1: 2d49c0f32a441d09ddee7c3b2b019ae8904ea1e7
    • SHA256: ba7e9131dd5aa9f2e7e0050c688d2830787dd01e8d58aef364a878b61156b35b
    • SHA512: bd9c6df8b2d91959580c6227a990882625c029528c0e53a600de8f6cc970e95fbb26108f3ae7f1bc8ef18d2b4b429490ec4ae5f6935e47c6c44dbf06c21be4f1

    Signatures

    • Qakbot/Qbot: Qbot or Qakbot is a sophisticated worm with banking capabilities.
    • Windows security bypass
    • Loads dropped DLL
    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution
      Scheduled Task (1) T1053
      Command-Line Interface (1) T1059
  • Persistence
      Scheduled Task (1) T1053
  • Privilege Escalation
      Scheduled Task (1) T1053
  • Defense Evasion
      Disabling Security Tools (1) T1089
      Modify Registry (2) T1112
  • Discovery
      Remote System Discovery (1) T1018
      System Information Discovery (1) T1082

Tasks