General

  • Target

    620ecd3d2a3c62241a8022b6cba731d8ba5e3ca48a452e646339c8ce9957e471

  • Size

    196KB

  • Sample

    220214-s9waxahge9

  • MD5

    4476923a2ab16ae035f30da6fac752e7

  • SHA1

    f133d8d2642698fcce92215e507a3ea463e349cd

  • SHA256

    620ecd3d2a3c62241a8022b6cba731d8ba5e3ca48a452e646339c8ce9957e471

  • SHA512

    851d607c40878ddb65056afa954b48d44487f2c8c321aae9ff402d27e054c7b7c171f7ade7e04054eae50a6e4d202e308e7c5a06e875a13645e488a8ff7fda11

Malware Config

Extracted

Family

qakbot

Version

401.138

Botnet

abc119

Campaign

1611224824

C2


Attributes
  • salt

    jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v6

Tactic                | Technique                     | Count | ID
Execution             | Scheduled Task                | 1     | T1053
Persistence           | Scheduled Task                | 1     | T1053
Privilege Escalation  | Scheduled Task                | 1     | T1053
Discovery             | Query Registry                | 3     | T1012
Discovery             | Peripheral Device Discovery   | 1     | T1120
Discovery             | System Information Discovery  | 3     | T1082

Tasks