Overview

overview

10

Static

static

10

dc65eea8bf...51.dll

windows7_x64

10

dc65eea8bf...51.dll

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    dc65eea8bf1f3de19358667c5147eb19f98fffde5449379e879ad6fffc27db51

  • Size

    217KB

  • Sample

    220214-sebb9ababp

  • MD5

    9ec2dae9791d4bb0ca000f5979e6984c

  • SHA1

    f0a777917cb0636a7475a406b9579f80babc9d69

  • SHA256

    dc65eea8bf1f3de19358667c5147eb19f98fffde5449379e879ad6fffc27db51

  • SHA512

    b585c058487acb71bff2b5ce3e4044a12a04b13e4e29977fe3888c02638464145eab1d9eb7b5e158df4db1ee9a877aa5e65f33a72c55e05fa1a30e0a8f8588c7

Score
10/10
qakbotobama301618843418bankerstealertrojan

Malware Config

Extracted

Family

qakbot

Version

402.12

Botnet

obama30

Campaign

1618843418

C2

83.110.109.164:2222

75.67.192.125:443

189.210.115.207:443

47.196.192.184:443

72.252.201.69:443

151.205.102.42:443

81.97.154.100:443

24.117.107.120:443

140.82.49.12:443

78.63.226.32:443

72.240.200.181:2222

75.137.47.174:443

71.41.184.10:3389

73.25.124.140:2222

149.28.101.90:8443

149.28.101.90:2222

45.77.115.208:995

45.77.115.208:8443

207.246.77.75:8443

207.246.77.75:2222
Attributes
  • salt

    jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

    • Target

      dc65eea8bf1f3de19358667c5147eb19f98fffde5449379e879ad6fffc27db51

    • Size

      217KB

    • MD5

      9ec2dae9791d4bb0ca000f5979e6984c

    • SHA1

      f0a777917cb0636a7475a406b9579f80babc9d69

    • SHA256

      dc65eea8bf1f3de19358667c5147eb19f98fffde5449379e879ad6fffc27db51

    • SHA512

      b585c058487acb71bff2b5ce3e4044a12a04b13e4e29977fe3888c02638464145eab1d9eb7b5e158df4db1ee9a877aa5e65f33a72c55e05fa1a30e0a8f8588c7

    Score
    10/10
    qakbotobama301618843418bankerstealertrojan

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

      trojanbankerstealerqakbot

    • Suspicious use of NtCreateProcessExOtherParentProcess

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks