General

  • Target: yn.png
  • Size: 1.1MB
  • Sample: 220125-q6egwagfgl
  • MD5: 557d5118e28207d90e80f2dd90e23bfb
  • SHA1: b871a809f1ea0c6c43e92c3479d1bde6157d939f
  • SHA256: 532fbe194acb281ef6be139e0724a46d9936606b190b62bc57ba0859b2b61b8c
  • SHA512: 8461d347c2da986b7222e076bbbc97c6d43577a48cf31b4255090ad665b72330ce1ce825b8e248e9c7e4c14b8541c2649dd2d39d4e8a63e58bb1056e89bad0c6

Malware Config

Extracted

  • Family: qakbot
  • Version: 403.10
  • Botnet: tr
  • Campaign: 1643025272
  • C2:
      103.143.8.71:6881
      37.210.172.200:2222
      136.143.11.232:443
      190.73.3.148:2222
      78.101.147.76:61202
      82.152.39.39:443
      65.100.174.110:995
      65.100.174.110:443
      111.125.245.116:995
      117.248.109.38:21
      31.215.99.178:443
      103.142.10.177:443
      39.49.110.129:995
      86.97.246.244:1194
      68.204.7.158:443
      217.128.93.27:2222
      144.86.28.125:443
      94.59.253.222:2222
      120.150.218.241:995
      185.249.85.209:443
  • Attributes:
      salt: jHxastDcds)oMc=jvh7wdUhxcsdt2


MITRE ATT&CK Matrix (ATT&CK v6)

Execution
  • Scheduled Task (1): T1053

Persistence
  • Scheduled Task (1): T1053

Privilege Escalation
  • Scheduled Task (1): T1053

Defense Evasion
  • Disabling Security Tools (1): T1089
  • Modify Registry (1): T1112

Tasks