Overview

overview

10

Static

static

12.dll

windows7-x64

10

12.dll

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    12.html

  • Size

    535KB

  • Sample

    220913-m7e81sbcap

  • MD5

    1890dec6809766b1409e74d082788a07

  • SHA1

    e989e72e6bf3f26d1a4683c5d319ee5bc5eb1119

  • SHA256

    c93944c924bc25056026fca8646a5db9cc03755a46bd76eba40329335a4d46e8

  • SHA512

    e1759efcb890767801b1d45daa43cb8bf40cbb8e70bd181696443466fb07227f649e6b82ade758ba3e54fc18b8299e2a3254a34eda309c8f9c2c7f51d6fd8e6d

  • SSDEEP

    12288:OzxVoNEXfnRXaF0IsZQWkQsHipSzERvCey4CZfxz4um:UvoQfhE0IbRiLRq3bzp

Score
10/10
qakbotbb1663053455bankerstealertrojan

Malware Config

Extracted

Family

qakbot

Version

403.862

Botnet

BB

Campaign

1663053455

C2

194.49.79.231:443

193.3.19.37:443

99.232.140.205:2222

47.146.182.110:443

84.38.133.191:443

191.97.234.238:995

37.210.148.30:995

64.207.215.69:443

200.161.62.126:32101

88.245.103.132:2222

86.98.156.176:993

175.110.231.67:443

78.100.254.17:2222

191.84.204.214:995

123.240.131.1:443

197.94.210.133:443

196.92.172.24:8443

186.50.245.74:995

70.51.132.197:2222

100.1.5.250:995
Attributes
  • salt

    SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

    • Target

      12.html

    • Size

      535KB

    • MD5

      1890dec6809766b1409e74d082788a07

    • SHA1

      e989e72e6bf3f26d1a4683c5d319ee5bc5eb1119

    • SHA256

      c93944c924bc25056026fca8646a5db9cc03755a46bd76eba40329335a4d46e8

    • SHA512

      e1759efcb890767801b1d45daa43cb8bf40cbb8e70bd181696443466fb07227f649e6b82ade758ba3e54fc18b8299e2a3254a34eda309c8f9c2c7f51d6fd8e6d

    • SSDEEP

      12288:OzxVoNEXfnRXaF0IsZQWkQsHipSzERvCey4CZfxz4um:UvoQfhE0IbRiLRq3bzp

    Score
    10/10
    qakbotbb1663053455bankerstealertrojan

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

      trojanbankerstealerqakbot

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks