Overview

overview

10

Static

static

36c8c68adf...fc.dll

windows7_x64

10

36c8c68adf...fc.dll

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7613266146.zip

  • Size

    186KB

  • Sample

    220624-px1hbaccgr

  • MD5

    eb6462bda8d08d2caab3ccc5a1d6c6bf

  • SHA1

    97d73c8897bfaa94ed7545b6799e771c728bdf7d

  • SHA256

    d646b93cc821975444816985b9c82c908cc0eef229faefa32c27d2adcfcedd05

  • SHA512

    4a8b6808fa8d69c59a66778bf12c3fa2d4d198a9a77ef353e7b94a18343fcd68d869acfeb82075ec483ff03b5063208cd0f3ef983308174da94a645b63e5226d

Score
10/10
qakbotobama1921655969261bankerstealertrojan

Malware Config

Extracted

Family

qakbot

Version

403.780

Botnet

obama192

Campaign

1655969261

C2

100.38.242.113:995

94.59.252.166:2222

74.14.5.179:2222

71.13.93.154:2222

193.253.44.249:2222

108.60.213.141:443

45.241.231.78:993

217.128.122.65:2222

40.134.246.185:995

1.161.124.241:443

70.46.220.114:443

24.43.99.75:443

32.221.224.140:995

80.11.74.81:2222

31.215.184.140:2222

39.49.85.29:995

67.209.195.198:443

186.90.153.162:2222

148.64.96.100:443

67.165.206.193:993
Attributes
  • salt

    jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

    • Target

      36c8c68adf99f8ee83eec42b8a49df06dbadf3ed5f82fad92720eae5279b50fc

    • Size

      335KB

    • MD5

      739cce8ea42b19f7f8f6ade1f972b050

    • SHA1

      ff7d7149f3e6ae31d1b77f3e201ca7ee5e96366a

    • SHA256

      36c8c68adf99f8ee83eec42b8a49df06dbadf3ed5f82fad92720eae5279b50fc

    • SHA512

      bfa1e84c7ecd8a44e47361c8f79063b53f5d25c572e5215fdee5a22c005ae4bf0d9a2aa3f9a7ba6b0ce52033d317eaf27092a6c979eec753e2a9b6b6701dec3d

    Score
    10/10
    qakbotobama1921655969261bankerstealertrojan
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks