Overview

overview

10

Static

static

local.dll

windows7_x64

10

local.dll

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    local.dll

  • Size

    843KB

  • Sample

    220620-1sj6badfd3

  • MD5

    3fb78f4c9c7393ac16f242d32c554f54

  • SHA1

    e72c5ecaa6e5b7a0084accf1c18118a1851fc8ee

  • SHA256

    e8d0bfcbdfb86ee8c3a2e1db06ade10715e5fdc7acef1fca18e1021b335f9f78

  • SHA512

    d5cdd5b7b7277d56ffacc831ac78ca2684551f0c8b6b58debca688b13c50212facaa3c7a05518bc724180bb14ba4ebb00e910179f25205d4e5a80205d837826f

Score
10/10
qakbotobama1871654695312bankerevasionstealertrojan

Malware Config

Extracted

Family

qakbot

Version

403.688

Botnet

obama187

Campaign

1654695312

C2

197.164.182.46:993

70.51.135.90:2222

187.251.132.144:22

37.186.54.254:995

80.11.74.81:2222

41.84.236.245:995

24.139.72.117:443

177.94.57.126:32101

37.34.253.233:443

186.90.153.162:2222

32.221.224.140:995

208.107.221.224:443

67.165.206.193:993

63.143.92.99:995

88.232.220.207:443

189.78.107.163:32101

74.14.5.179:2222

148.0.56.63:443

40.134.246.185:995

173.21.10.71:2222
Attributes
  • salt

    jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

    • Target

      local.dll

    • Size

      843KB

    • MD5

      3fb78f4c9c7393ac16f242d32c554f54

    • SHA1

      e72c5ecaa6e5b7a0084accf1c18118a1851fc8ee

    • SHA256

      e8d0bfcbdfb86ee8c3a2e1db06ade10715e5fdc7acef1fca18e1021b335f9f78

    • SHA512

      d5cdd5b7b7277d56ffacc831ac78ca2684551f0c8b6b58debca688b13c50212facaa3c7a05518bc724180bb14ba4ebb00e910179f25205d4e5a80205d837826f

    Score
    10/10
    qakbotobama1871654695312bankerevasionstealertrojan
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Disabling Security Tools

1
T1089

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks