Overview

overview

10

Static

static

4267c9ed35...e5.dll

windows7-x64

10

4267c9ed35...e5.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4267c9ed353695a75438c73ca2f708e5.dll

  • Size

    386KB

  • Sample

    220716-kq2pksbebq

  • MD5

    4267c9ed353695a75438c73ca2f708e5

  • SHA1

    d323d4730f202c7e913660f7c330acc627057b6c

  • SHA256

    d2e25616b35d56ac0731c8dd034b9c682fd031fc83f04094aceb034f5ce2bd2a

  • SHA512

    08a2d9b3c3be8b9c15f926b1a5fecf7e322191ec3f302c8af19cedb6fba52b087b76a56b11fd0a49c503b8100b35fc24e93750874ffecbdb5d9f08c849b7d5e5

Score
10/10
qakbotobama1931656010579bankerstealertrojan

Malware Config

Extracted

Family

qakbot

Version

403.780

Botnet

obama193

Campaign

1656010579

C2

104.34.212.7:32103

86.200.151.188:2222

41.228.22.180:443

94.59.15.180:2222

45.46.53.140:2222

189.78.107.163:32101

24.178.196.158:2222

179.158.105.44:443

37.34.253.233:443

47.23.89.60:993

176.45.232.204:995

120.150.218.241:995

38.70.253.226:2222

40.134.246.185:995

5.32.41.45:443

72.252.157.93:990

72.252.157.93:993

24.55.67.176:443

93.48.80.198:995

100.38.242.113:995
Attributes
  • salt

    jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

    • Target

      4267c9ed353695a75438c73ca2f708e5.dll

    • Size

      386KB

    • MD5

      4267c9ed353695a75438c73ca2f708e5

    • SHA1

      d323d4730f202c7e913660f7c330acc627057b6c

    • SHA256

      d2e25616b35d56ac0731c8dd034b9c682fd031fc83f04094aceb034f5ce2bd2a

    • SHA512

      08a2d9b3c3be8b9c15f926b1a5fecf7e322191ec3f302c8af19cedb6fba52b087b76a56b11fd0a49c503b8100b35fc24e93750874ffecbdb5d9f08c849b7d5e5

    Score
    10/10
    qakbotobama1931656010579bankerstealertrojan

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

      trojanbankerstealerqakbot

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks