Overview

overview

10

Static

static

10

b6e629128e...8e.dll

windows7-x64

10

b6e629128e...8e.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    47s
  • max time network
    52s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    28-10-2022 13:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b6e629128e9316820cfd5bdfe4d621d5a7435717879d554567df31352fb8558e.dll

  • Size

    157KB

  • MD5

    258f4d970b7185375d31dc46a939a6ff

  • SHA1

    bf33205fb9aa14345384245823ee11d84b538cfd

  • SHA256

    b6e629128e9316820cfd5bdfe4d621d5a7435717879d554567df31352fb8558e

  • SHA512

    c5b9a87fc1d6a21ff22e4d1e4dfd9174545e05f7e37d9a0c63e801a9f813f3b732c04b1b76d66da72e4cebaa47efcf697d0025a6e75284c582c5589a026cb9df

  • SSDEEP

    3072:O040Uu4Yjm8j7qHllvH2AoJgSXRETBfNirskO/yaY/fT:p4YjTjGHnzoJhXRETBlirsP/g/

Score
10/10
qakbotbankerstealertrojan

Malware Config

Signatures

  • Qakbot/Qbot

    Qbot or Qakbot is a sophisticated worm with banking capabilities.

    trojanbankerstealerqakbot
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\b6e629128e9316820cfd5bdfe4d621d5a7435717879d554567df31352fb8558e.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1268
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\b6e629128e9316820cfd5bdfe4d621d5a7435717879d554567df31352fb8558e.dll
      2⤵
        PID:824

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/824-55-0x0000000000000000-mapping.dmp
      Download
    • memory/824-56-0x00000000757A1000-0x00000000757A3000-memory.dmp
      Filesize

      8KB

      Download
    • memory/824-57-0x00000000001C0000-0x00000000001E9000-memory.dmp
      Filesize

      164KB

      Download
    • memory/824-59-0x00000000001C0000-0x00000000001E9000-memory.dmp
      Filesize

      164KB

      Download
    • memory/1268-54-0x000007FEFB8B1000-0x000007FEFB8B3000-memory.dmp
      Filesize

      8KB

      Download