General

  • Target

    e0d072cabeeb73e77e96509c7a41d1b107e9ad732e3c85835856510fac431f01

  • Size

    88KB

  • Sample

    220214-sdapbshdf3

  • MD5

    f531df4ccf0e79fc7008c027c8da8b19

  • SHA1

    efd0d1ed621c251fed7fd471f25e6ac48d3be1ec

  • SHA256

    e0d072cabeeb73e77e96509c7a41d1b107e9ad732e3c85835856510fac431f01

  • SHA512

    ba705ad5c3336801f8bcc4166b01c0be5bbdab3640fabfdaac3922fb82cfbc0adaeb3246ef8933949ac55344483b5a9a6aabeda00c37941024e76fd233e80e02

Malware Config

Extracted

  • Family

    qakbot

  • Version

    402.1

  • Botnet

    tr

  • Campaign

    1618225074

C2


Attributes
  • salt

    jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Loads dropped DLL

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution

    Scheduled Task (T1053): 1

  • Persistence

    Scheduled Task (T1053): 1

  • Privilege Escalation

    Scheduled Task (T1053): 1

  • Discovery

    Query Registry (T1012): 2

    System Information Discovery (T1082): 2

Tasks