Overview

overview

10

Static

static

CL.lnk

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2cd1be65e78ccbd2cdc8bd3711e1f2199a706c341cd62c6636d4cba96a5ce447.iso

  • Size

    1.6MB

  • Sample

    221122-vd18dsea9z

  • MD5

    c33699bd0e4cf0e385238ef1da4fac44

  • SHA1

    3bc0ad15c31c951173aa6bf6d2db3a94e7a296b0

  • SHA256

    2cd1be65e78ccbd2cdc8bd3711e1f2199a706c341cd62c6636d4cba96a5ce447

  • SHA512

    c2f3edc72e94823426caa923ab4cb5ea2dc8aa6520fe7d43cc383a796364e45580bb4c3662f362ae8b98472627f126d4773d0d5ebded03b9c88b39b9d8f0db4f

  • SSDEEP

    24576:G3VzebIGQvSeKV9TAwPZ8nPQQrrabMxNd6LE3Sl+w:6JvgMQM3fd66Sw

Score
10/10
qakbotbb061668418916bankerstealertrojan

Malware Config

Extracted

Family

qakbot

Version

404.27

Botnet

BB06

Campaign

1668418916

C2

24.142.218.202:443

152.170.17.136:443

90.104.22.28:2222

24.64.114.59:61202

86.225.214.138:2222

92.27.86.48:2222

70.120.228.205:2083

24.206.27.39:443

27.99.45.237:2222

105.103.27.80:32103

170.253.25.35:443

24.64.114.59:2222

92.207.132.174:2222

86.133.237.3:443

172.117.139.142:995

108.6.249.139:443

92.239.81.124:443

86.129.13.128:2222

47.34.30.133:443

86.148.55.111:443
Attributes
  • salt

    SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

    • Target

      CL.lnk

    • Size

      1KB

    • MD5

      7d82b0c9baf5165ad9f2da1015f35310

    • SHA1

      e81bbc1d79eedd5b00a423dde28826716c38e326

    • SHA256

      1bd2c7e0204b957470fa5f955a22b9a7bf905e23f41acbcc83a4ec08b922f1c1

    • SHA512

      f40e1c7ec6018f60590c73d37c7ec88807ba6e11fddbb503c036432fcdb7b7ecef23f4ccef252705a5c5e71d22282ca9ca55fb63e4efa87c6d4efbbd9a9747b6

    Score
    10/10
    qakbotbb061668418916bankerstealertrojan
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks