1.dll

General
Target: 1.dll
Size: 1MB
Sample: 220623-sjhxwsdfel
Score: 10/10
MD5: eb31be549bdbcf8d6c3b757884f53793
SHA1: 6c88fbb10e9c966713d3602c9200536d13f95540
SHA256: 77e6a51acde3aa1b073c2cd7f4379fe215d07cba78a17a7dfc66d331a9cddb3a
SHA512: cbc56dae7c2d33f14bf6c450be7fd756531b191b8a0167945b2d9a2255701c4b364742c0ff863060ecce86a7f3dab2c39540c10c5b79846d4ac93fb423b3ca6e

Malware Config

Extracted
Family: qakbot
Version: 403.780
Botnet: AA
Campaign: 1655971687
C2 (ip:port):
38.70.253.226:2222
47.23.89.60:993
120.150.218.241:995
117.248.109.38:21
37.34.253.233:443
86.132.14.70:2078
111.125.245.116:995
217.165.85.191:993
176.45.232.204:995
5.32.41.45:443
93.48.80.198:995
100.38.242.113:995
94.59.252.166:2222
74.14.5.179:2222
71.13.93.154:2222
193.253.44.249:2222
108.60.213.141:443
45.241.231.78:993
217.128.122.65:2222
40.134.246.185:995
1.161.124.241:443
70.46.220.114:443
24.43.99.75:443
32.221.224.140:995
80.11.74.81:2222
31.215.184.140:2222
39.49.85.29:995
67.209.195.198:443
186.90.153.162:2222
148.64.96.100:443
67.165.206.193:993
210.246.4.69:995
208.107.221.224:443
89.101.97.139:443
88.234.116.71:443
121.7.223.45:2222
104.34.212.7:32103
69.14.172.24:443
41.228.22.180:443
197.87.182.60:443
24.178.196.158:2222
1.161.124.241:995
189.78.107.163:32101
39.52.74.55:995
2.34.12.8:443
182.191.92.203:995
173.21.10.71:2222
39.41.2.45:995
90.114.10.16:2222
184.97.29.26:443

Attributes
salt: jHxastDcds)oMc=jvh7wdUhxcsdt2
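The extracted configuration above is the actionable part of this report. The script below is an added example (not code from the sandbox or its vendor) that takes the C2 list exactly as listed, validates and de-duplicates it into (ip, port) pairs, summarises the port mix, reads the campaign ID as the Unix timestamp Qakbot uses for that field (1655971687 is 2022-06-23 08:08:07 UTC, matching the 220623 date in the sample ID), and emits one Suricata outbound-connection rule per endpoint. The SID base of 9000000 and the `$HOME_NET` variable are assumptions to adjust for your own sensor.

```python
"""Turn the Qakbot config extracted above into indicators and Suricata rules.

Added example, not the sandbox vendor's code. C2 list, campaign ID, botnet
tag and MD5 are copied from the report; the SID base and $HOME_NET are
assumptions.
"""
from collections import Counter
from datetime import datetime, timezone
import ipaddress

BOTNET = "AA"
CAMPAIGN_ID = 1655971687
SAMPLE_MD5 = "eb31be549bdbcf8d6c3b757884f53793"
# Ports Qakbot borrows from legitimate services (FTP, HTTPS, IMAPS, POP3S).
# Anything else in the list is unusual enough to be a strong egress signal.
COMMON_PORTS = {21, 443, 993, 995}

# Verbatim C2 list from the extracted config (50 entries).
C2_RAW = """
38.70.253.226:2222 47.23.89.60:993 120.150.218.241:995 117.248.109.38:21
37.34.253.233:443 86.132.14.70:2078 111.125.245.116:995 217.165.85.191:993
176.45.232.204:995 5.32.41.45:443 93.48.80.198:995 100.38.242.113:995
94.59.252.166:2222 74.14.5.179:2222 71.13.93.154:2222 193.253.44.249:2222
108.60.213.141:443 45.241.231.78:993 217.128.122.65:2222 40.134.246.185:995
1.161.124.241:443 70.46.220.114:443 24.43.99.75:443 32.221.224.140:995
80.11.74.81:2222 31.215.184.140:2222 39.49.85.29:995 67.209.195.198:443
186.90.153.162:2222 148.64.96.100:443 67.165.206.193:993 210.246.4.69:995
208.107.221.224:443 89.101.97.139:443 88.234.116.71:443 121.7.223.45:2222
104.34.212.7:32103 69.14.172.24:443 41.228.22.180:443 197.87.182.60:443
24.178.196.158:2222 1.161.124.241:995 189.78.107.163:32101 39.52.74.55:995
2.34.12.8:443 182.191.92.203:995 173.21.10.71:2222 39.41.2.45:995
90.114.10.16:2222 184.97.29.26:443
"""


def parse_c2_list(raw: str) -> list[tuple[str, int]]:
    """Parse "ip:port" tokens into ordered, de-duplicated (ip, port) pairs.

    Malformed tokens raise instead of being skipped: a silently dropped
    indicator is worse than a loud failure in an IOC pipeline.
    """
    seen: set[tuple[str, int]] = set()
    entries: list[tuple[str, int]] = []
    for token in raw.split():
        host, sep, port_text = token.rpartition(":")
        if not sep:
            raise ValueError(f"missing port in {token!r}")
        ip = ipaddress.ip_address(host)  # raises ValueError on garbage
        port = int(port_text)
        if not 0 < port < 65536:
            raise ValueError(f"bad port in {token!r}")
        pair = (str(ip), port)
        if pair not in seen:
            seen.add(pair)
            entries.append(pair)
    return entries


def unique_hosts(entries):
    """Distinct IPs; one host may be listed on several ports (1.161.124.241)."""
    return sorted({ip for ip, _ in entries}, key=ipaddress.ip_address)


def port_histogram(entries):
    return Counter(port for _, port in entries)


def unusual_ports(entries):
    return sorted(set(port_histogram(entries)) - COMMON_PORTS)


def campaign_time(campaign_id: int) -> str:
    """Qakbot campaign IDs are Unix epoch timestamps; render as ISO 8601 UTC."""
    ts = datetime.fromtimestamp(campaign_id, tz=timezone.utc)
    return ts.strftime("%Y-%m-%dT%H:%M:%SZ")


def suricata_rules(entries, base_sid: int = 9000000):
    """One outbound alert per C2 endpoint.

    base_sid is an assumption: use a range reserved for local rules.
    """
    rules = []
    for i, (ip, port) in enumerate(entries):
        rules.append(
            f"alert tcp $HOME_NET any -> {ip} {port} "
            f'(msg:"Qakbot botnet {BOTNET} C2 {ip}:{port}"; '
            f"flow:to_server,established; reference:md5,{SAMPLE_MD5}; "
            f"classtype:trojan-activity; sid:{base_sid + i}; rev:1;)"
        )
    return rules


if __name__ == "__main__":
    c2 = parse_c2_list(C2_RAW)
    print(f"{len(c2)} endpoints on {len(unique_hosts(c2))} hosts, "
          f"campaign started {campaign_time(CAMPAIGN_ID)}")
    print("ports:", dict(port_histogram(c2).most_common()))
    print("unusual ports:", unusual_ports(c2))
    print("\n".join(suricata_rules(c2)[:3]))
```

Two caveats before loading these rules: Qakbot's first-tier C2 addresses are infected hosts that rotate quickly, so treat this set as time-bound to the campaign date rather than a permanent blocklist, and expire it on a schedule; and a single match on a common port (443, 993, 995) is weaker evidence than a connection to 2222, 2078, 32101 or 32103, which should rarely leave a corporate network at all.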
Targets

Target: 1.dll (MD5 eb31be549bdbcf8d6c3b757884f53793, 1MB, score 10/10; SHA1/SHA256/SHA512 as listed under General above)

Signatures

  • Qakbot/Qbot

    Description: Qbot or Qakbot is a modular banking trojan and loader with worm-like lateral-movement capabilities; the configuration above was extracted from this sample.

  • Loads dropped DLL

  • Drops file in System32 directory
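The two behavioural signatures above, "Drops file in System32 directory" and "Loads dropped DLL", are most useful in combination: a DLL written by an ordinary process and then loaded moments later is the pattern behind the sandbox's verdict. The Python below is an added example (not the sandbox's own signature logic) that correlates Sysmon FileCreate (event ID 11) and ImageLoaded (event ID 7) records for that pattern, rates a drop under System32 higher, and suppresses legitimate servicing writes. The events are constructed for illustration, not taken from the report; the writer allowlist and the 10-minute window are assumptions to tune locally.

```python
"""Correlate "file dropped" with "dropped DLL loaded" over Sysmon-style events.

Added example; not the sandbox's signature code. EVENTS is constructed
sample data, ALLOWED_WRITERS and the window are local assumptions.
"""
from datetime import datetime, timedelta

SYSTEM32 = "c:\\windows\\system32\\"
# Assumption: processes that legitimately write DLLs into System32.
ALLOWED_WRITERS = {"c:\\windows\\servicing\\trustedinstaller.exe"}

# Sysmon: id 11 = FileCreate ("image" writes "target"),
#         id 7  = ImageLoaded ("image" loads the DLL at "loaded").
# Constructed events, deliberately out of order and with mixed path case.
EVENTS = [
    {"ts": "2022-06-23T08:10:05", "id": 11,
     "image": r"C:\Users\bob\AppData\Local\Temp\setup.exe",
     "target": r"C:\Users\bob\AppData\Local\Temp\helper.dll"},
    {"ts": "2022-06-23T08:10:01", "id": 11,
     "image": r"C:\Windows\System32\regsvr32.exe",
     "target": r"C:\Windows\System32\Ygbgf\hgxcq.dll"},
    {"ts": "2022-06-23T08:10:02", "id": 7,
     "image": r"C:\Windows\System32\rundll32.exe",
     "loaded": r"C:\WINDOWS\system32\Ygbgf\HGXCQ.DLL"},
    {"ts": "2022-06-23T08:10:09", "id": 7,
     "image": r"C:\Users\bob\AppData\Local\Temp\setup.exe",
     "loaded": r"C:\Users\bob\AppData\Local\Temp\helper.dll"},
    {"ts": "2022-06-23T08:12:00", "id": 11,
     "image": r"C:\Windows\servicing\TrustedInstaller.exe",
     "target": r"C:\Windows\System32\wuapi.dll"},
    {"ts": "2022-06-23T08:12:01", "id": 7,
     "image": r"C:\Windows\System32\svchost.exe",
     "loaded": r"C:\Windows\System32\wuapi.dll"},
    {"ts": "2022-06-23T09:30:00", "id": 7,          # 80 min later: outside window
     "image": r"C:\Windows\System32\svchost.exe",
     "loaded": r"C:\Users\bob\AppData\Local\Temp\helper.dll"},
]


def _norm(path: str) -> str:
    """Windows paths are case-insensitive; normalise before comparing."""
    return path.replace("/", "\\").lower()


def in_system32(path: str) -> bool:
    return _norm(path).startswith(SYSTEM32)


def find_dropped_dll_loads(events, window=timedelta(minutes=10)):
    """Alert when a DLL written by a non-allowlisted process is loaded (by any
    process) within `window`. Severity is 'high' for drops under System32,
    'medium' elsewhere. Events are sorted by timestamp first, so arrival
    order does not matter."""
    pending = {}  # normalised DLL path -> FileCreate event
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["id"] == 11:
            if _norm(ev["image"]) in ALLOWED_WRITERS:
                continue
            if not ev["target"].lower().endswith(".dll"):
                continue
            pending[_norm(ev["target"])] = ev
        elif ev["id"] == 7:
            path = _norm(ev["loaded"])
            drop = pending.get(path)
            if drop is None:
                continue
            t_drop = datetime.fromisoformat(drop["ts"])
            t_load = datetime.fromisoformat(ev["ts"])
            if t_load - t_drop > window:
                continue
            alerts.append({
                "severity": "high" if in_system32(path) else "medium",
                "dll": ev["loaded"],
                "writer": drop["image"],
                "loader": ev["image"],
                "seconds": int((t_load - t_drop).total_seconds()),
            })
    return alerts


if __name__ == "__main__":
    for a in find_dropped_dll_loads(EVENTS):
        print(f"[{a['severity']}] {a['writer']} wrote {a['dll']}; "
              f"loaded by {a['loader']} after {a['seconds']}s")
```

The allowlist is keyed on the writing process, not the loader, because the loader of a planted DLL is often a signed Windows binary (rundll32, regsvr32, svchost) and allowlisting those would blind the rule to exactly the case it exists for.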

MITRE ATT&CK Matrix
(tactic columns only; no techniques are shown under Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence or Privilege Escalation on this page)