Overview

overview

10

Static

static

10

1252-95-0x...ry.dll

windows7-x64

3

1252-95-0x...ry.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1252-95-0x0000000000490000-0x00000000004BA000-memory.dmp

  • Size

    168KB

  • Sample

    221208-nv3dfscg9v

  • MD5

    75fda09c4e480fc88aef6d3d1a7f0139

  • SHA1

    b67c0affdbcf75426eb05ced272cfc28706aba16

  • SHA256

    50b141a77a6d7aee8bd9fe7f57aae3c22686b6ce30a43c524e95f304720fd8a2

  • SHA512

    b73cd262f3d3b21eb1075046ed1c7892540daa5549ec2865f962d0a5ac5d4cc805b28b6cb0c5a2e2a8de65b329b44a67b1dcbfb09b89454202c0a19b08bc534d

  • SSDEEP

    3072:ogqbq660Q8ab2YnS4xAd2JP1VJHTBfJghO/yapv:BT1LbXS46d2JdVJHTBBg4/

Score
10/10
qakbotobama2261670237875

Malware Config

Extracted

Family

qakbot

Version

404.46

Botnet

obama226

Campaign

1670237875

C2

76.100.159.250:443

66.191.69.18:995

186.64.67.9:443

50.90.249.161:443

109.150.179.158:2222

92.149.205.238:2222

86.165.15.180:2222

41.44.19.36:995

78.17.157.5:443

173.18.126.3:443

75.99.125.235:2222

172.90.139.138:2222

27.99.45.237:2222

91.68.227.219:443

12.172.173.82:993

103.144.201.62:2078

12.172.173.82:990

173.239.94.212:443

91.169.12.198:32100

24.64.114.59:2222
Attributes
  • salt

    SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

    • Target

      1252-95-0x0000000000490000-0x00000000004BA000-memory.dmp

    • Size

      168KB

    • MD5

      75fda09c4e480fc88aef6d3d1a7f0139

    • SHA1

      b67c0affdbcf75426eb05ced272cfc28706aba16

    • SHA256

      50b141a77a6d7aee8bd9fe7f57aae3c22686b6ce30a43c524e95f304720fd8a2

    • SHA512

      b73cd262f3d3b21eb1075046ed1c7892540daa5549ec2865f962d0a5ac5d4cc805b28b6cb0c5a2e2a8de65b329b44a67b1dcbfb09b89454202c0a19b08bc534d

    • SSDEEP

      3072:ogqbq660Q8ab2YnS4xAd2JP1VJHTBfJghO/yapv:BT1LbXS46d2JdVJHTBBg4/

    Score
    3/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks