General

  • Target

    777730a4dba9903962bc374ce2174401eb647970985ff2f684ef6d30d6b6b7d5

  • Size

    2.5MB

  • Sample

    220319-xygetsgfg6

  • MD5

    c80ed59e73a7f3561819904bfc5cfdec

  • SHA1

    19e38d8e5bb55fffa74829ad9e66537098faabfb

  • SHA256

    777730a4dba9903962bc374ce2174401eb647970985ff2f684ef6d30d6b6b7d5

  • SHA512

    fd58950c166a885a6f085a3a050cfc28ad5b5ca44cc0ac2d309bef4b1ed37bd3c4236f039a56dcd3bf46f215223469e90f92037d4096bf74deebede250c2448a

Malware Config

Extracted

  • Family

    qakbot

  • Version

    401.157

  • Botnet

    abc116

  • Campaign

    1608643791

  • C2

    24.229.150.54:995
    109.154.79.222:2222
    184.189.122.72:443
    2.88.184.160:443
    77.27.174.49:995
    86.126.220.127:443
    188.253.82.30:995
    45.77.115.208:995
    67.6.54.180:443
    85.52.72.32:2222
    2.50.88.125:995
    149.28.98.196:2222
    37.234.201.55:995
    86.98.21.234:443
    73.166.10.38:50003
    144.202.38.185:2222
    45.63.107.192:443
    90.61.30.155:2222
    94.98.248.152:443
    86.127.155.224:443

Targets

    • Target

      777730a4dba9903962bc374ce2174401eb647970985ff2f684ef6d30d6b6b7d5

    • Size

      2.5MB

    • MD5

      c80ed59e73a7f3561819904bfc5cfdec

    • SHA1

      19e38d8e5bb55fffa74829ad9e66537098faabfb

    • SHA256

      777730a4dba9903962bc374ce2174401eb647970985ff2f684ef6d30d6b6b7d5

    • SHA512

      fd58950c166a885a6f085a3a050cfc28ad5b5ca44cc0ac2d309bef4b1ed37bd3c4236f039a56dcd3bf46f215223469e90f92037d4096bf74deebede250c2448a

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic                Technique                      Count  ID
  Execution             Scheduled Task                 1      T1053
  Persistence           Scheduled Task                 1      T1053
  Privilege Escalation  Scheduled Task                 1      T1053
  Discovery             Query Registry                 2      T1012
  Discovery             System Information Discovery   2      T1082

Tasks