Overview

overview

10

Static

static

10

021865faa3...bf.dll

windows7_x64

10

021865faa3...bf.dll

windows10-2004_x64

10

26de26ea18...ff.dll

windows7_x64

10

26de26ea18...ff.dll

windows10-2004_x64

10

305e8e14bc...f8.dll

windows7_x64

10

305e8e14bc...f8.dll

windows10-2004_x64

10

47ea7ae3c9...94.dll

windows7_x64

10

47ea7ae3c9...94.dll

windows10-2004_x64

10

51ab9788b9...77.dll

windows7_x64

10

51ab9788b9...77.dll

windows10-2004_x64

10

587547a79f...fd.dll

windows7_x64

10

587547a79f...fd.dll

windows10-2004_x64

10

58878537dc...14.dll

windows7_x64

10

58878537dc...14.dll

windows10-2004_x64

10

6909c2801f...37.dll

windows7_x64

10

6909c2801f...37.dll

windows10-2004_x64

10

69ac3f3a76...85.dll

windows7_x64

10

69ac3f3a76...85.dll

windows10-2004_x64

10

6ce8fbedc5...f2.dll

windows7_x64

10

6ce8fbedc5...f2.dll

windows10-2004_x64

10

7a91436b7a...0c.dll

windows7_x64

10

7a91436b7a...0c.dll

windows10-2004_x64

10

8f5843efe1...d4.dll

windows7_x64

10

8f5843efe1...d4.dll

windows10-2004_x64

10

98d07ae48b...0b.dll

windows7_x64

10

98d07ae48b...0b.dll

windows10-2004_x64

10

9c5c2af628...c7.dll

windows7_x64

10

9c5c2af628...c7.dll

windows10-2004_x64

10

9e00cf7d03...0d.dll

windows7_x64

10

9e00cf7d03...0d.dll

windows10-2004_x64

10

9e7db9c87f...2b.dll

windows7_x64

10

9e7db9c87f...2b.dll

windows10-2004_x64

10

Analysis

  • max time kernel
    111s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-en-20220113
  • submitted
    14-03-2022 11:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    26de26ea18887ba25628c2d3e8834c00ce76b8c84d8be770f31b79c83b681cff.dll

  • Size

    846KB

  • MD5

    c139a52991b5dc2fdba8f8eafc55d440

  • SHA1

    ba34d509f8ba7a4f415ce2c9d13191f43cb67f42

  • SHA256

    26de26ea18887ba25628c2d3e8834c00ce76b8c84d8be770f31b79c83b681cff

  • SHA512

    a987040234a34f4d7fbb404075d168c4f3ae31a3a1d52a611d44791395d25abe2370f4f3f58a895d66fe5fc2f06aac0a5b9b4879f80f38959ee88cd59194da95

Score
10/10
qakbotobama591623694216bankerstealertrojan

Malware Config

Extracted

Family

qakbot

Version

402.68

Botnet

obama59

Campaign

1623694216

C2

71.41.184.10:3389

47.22.148.6:443

96.253.46.210:443

188.26.180.140:443

75.118.1.141:443

90.65.234.26:2222

83.110.109.155:2222

76.25.142.196:443

45.46.53.140:2222

105.198.236.101:443

151.205.102.42:443

216.201.162.158:443

184.185.103.157:443

189.210.115.207:443

75.137.47.174:443

72.240.200.181:2222

75.67.192.125:443

24.55.112.61:443

72.252.201.69:443

24.179.77.236:443
Attributes
  • salt

    jHxastDcds)oMc=jvh7wdUhxcsdt2

Signatures

  • Qakbot/Qbot

    Qbot or Qakbot is a sophisticated worm with banking capabilities.

    trojanbankerstealerqakbot
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\26de26ea18887ba25628c2d3e8834c00ce76b8c84d8be770f31b79c83b681cff.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3792
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\26de26ea18887ba25628c2d3e8834c00ce76b8c84d8be770f31b79c83b681cff.dll,#1
      2⤵
        PID:3444
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 3444 -s 668
          3⤵
          • Program crash
          PID:5076
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 3444 -ip 3444
      1⤵
        PID:3736

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/3444-130-0x0000000002590000-0x00000000025CD000-memory.dmp
        Filesize

        244KB

        Download
      • memory/3444-131-0x0000000002590000-0x00000000025CD000-memory.dmp
        Filesize

        244KB

        Download
      • memory/3444-134-0x00000000023D0000-0x0000000002410000-memory.dmp
        Filesize

        256KB

        Download
      • memory/3444-133-0x0000000002590000-0x00000000025CD000-memory.dmp
        Filesize

        244KB

        Download