General

  • Target

    2.bin

  • Size

    445KB

  • Sample

    220913-yvhddsgec5

  • MD5

    a688dca027c34cb1ecdf3d994bf85874

  • SHA1

    de2ad1862d5450b4d288e0df8b5d05d4f31bd832

  • SHA256

    dfcafcbfc44bd2041e98d9dff807b909b6f3491c9c49c21670233ece1422098b

  • SHA512

    a59e9d6358aafebe144b0983b587a6eaad5900bebd833c7fa18f5db765e6927ac60149a1de1446917f94f6fb755332fec48d22ae92b95856fefe3f6a9663e254

  • SSDEEP

    6144:pnO4pVZMiTaRCLldgZO1nRY4DAOS/+gFlv4K0r1IppzNKRaqaBy0354:qiTa8nY/+gX4fWLzNKYrBy035

Malware Config

Extracted

Family

qakbot

Version

403.862

Botnet

BB

Campaign

1663053540

C2

194.49.79.231:443

193.3.19.37:443

99.232.140.205:2222

47.146.182.110:443

84.38.133.191:443

191.97.234.238:995

37.210.148.30:995

64.207.215.69:443

200.161.62.126:32101

88.245.103.132:2222

86.98.156.176:993

175.110.231.67:443

78.100.254.17:2222

191.84.204.214:995

123.240.131.1:443

197.94.210.133:443

196.92.172.24:8443

186.50.245.74:995

70.51.132.197:2222

100.1.5.250:995

Attributes

  • salt

    SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

    • Target

      2.bin

    • Size

      445KB

    • MD5

      a688dca027c34cb1ecdf3d994bf85874

    • SHA1

      de2ad1862d5450b4d288e0df8b5d05d4f31bd832

    • SHA256

      dfcafcbfc44bd2041e98d9dff807b909b6f3491c9c49c21670233ece1422098b

    • SHA512

      a59e9d6358aafebe144b0983b587a6eaad5900bebd833c7fa18f5db765e6927ac60149a1de1446917f94f6fb755332fec48d22ae92b95856fefe3f6a9663e254

    • SSDEEP

      6144:pnO4pVZMiTaRCLldgZO1nRY4DAOS/+gFlv4K0r1IppzNKRaqaBy0354:qiTa8nY/+gX4fWLzNKYrBy035

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v6

  • Execution

    Scheduled Task (1) T1053

  • Persistence

    Scheduled Task (1) T1053

  • Privilege Escalation

    Scheduled Task (1) T1053

Tasks