Overview

overview

10

Static

static

folkzaha.dll

windows7-x64

10

folkzaha.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    folkzaha.dll

  • Size

    440KB

  • Sample

    220914-bphqmshaa9

  • MD5

    117820c96b9443cdf6f8b32051ce40ae

  • SHA1

    abd58883ca721f4796b24c788c5f76d36f191b4f

  • SHA256

    95682615b30f5ea299b4e60dba79f83b6d09052acab3cb9e1730b480b7dab340

  • SHA512

    007fc72e96edf72dc3429a0fdfa5d21dbafec0b40eb99f30e2cecc7e23ebfef3bb5f036a22606d10481dc85031414c9acd163aa96adb90654ebea83c1a73bd18

  • SSDEEP

    6144:pnO4pVZMiTaRCLldgZO1nRY4DAOS/+gFlv4K0r1IppzNKRaqaBy0354:qiTa8nY/+gX4fWLzNKYrBy035

Score
10/10
qakbotbb1663053540bankerstealertrojan

Malware Config

Extracted

Family

qakbot

Version

403.862

Botnet

BB

Campaign

1663053540

C2

194.49.79.231:443

193.3.19.37:443

99.232.140.205:2222

47.146.182.110:443

84.38.133.191:443

191.97.234.238:995

37.210.148.30:995

64.207.215.69:443

200.161.62.126:32101

88.245.103.132:2222

86.98.156.176:993

175.110.231.67:443

78.100.254.17:2222

191.84.204.214:995

123.240.131.1:443

197.94.210.133:443

196.92.172.24:8443

186.50.245.74:995

70.51.132.197:2222

100.1.5.250:995
Attributes
  • salt

    SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

    • Target

      folkzaha.dll

    • Size

      440KB

    • MD5

      117820c96b9443cdf6f8b32051ce40ae

    • SHA1

      abd58883ca721f4796b24c788c5f76d36f191b4f

    • SHA256

      95682615b30f5ea299b4e60dba79f83b6d09052acab3cb9e1730b480b7dab340

    • SHA512

      007fc72e96edf72dc3429a0fdfa5d21dbafec0b40eb99f30e2cecc7e23ebfef3bb5f036a22606d10481dc85031414c9acd163aa96adb90654ebea83c1a73bd18

    • SSDEEP

      6144:pnO4pVZMiTaRCLldgZO1nRY4DAOS/+gFlv4K0r1IppzNKRaqaBy0354:qiTa8nY/+gX4fWLzNKYrBy035

    Score
    10/10
    qakbotbb1663053540bankerstealertrojan

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

      trojanbankerstealerqakbot

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks