General

  • Target

    e2b32809cb5887fed669d2b7a3f4c11e7e334a580310629efaf50643221efefa

  • Size

    175KB

  • Sample

    220214-sczl3abaap

  • MD5

    01731be5e76fac77d726afa49203f198

  • SHA1

    e9b1440d38a07da3befd450ba36b85692c8d17a8

  • SHA256

    e2b32809cb5887fed669d2b7a3f4c11e7e334a580310629efaf50643221efefa

  • SHA512

    33780af350cd9d64d0a2e68ed74d9f7ee0f0c36fd5ee16442634d16dee8014b0c35b8794610d7640d5e0e71c14c4e724b62a1b25bd7b4c76313e85dfb14b77ed

Malware Config

Extracted

  • Family

    qakbot

  • Version

    401.78

  • Botnet

    abc112

  • Campaign

    1607942962

C2


Targets

    Score
    10/10
    • Suspicious use of NtCreateProcessExOtherParentProcess

MITRE ATT&CK Matrix ATT&CK v6

Discovery

  • Query Registry (T1012): 2

  • System Information Discovery (T1082): 2

Tasks