Overview

overview

10

Static

static

update2.exe

windows7-x64

10

update2.exe

windows10-2004-x64

10

Resubmissions

28-12-2022 20:37

221228-zea5taef5v 10

13-07-2021 12:27

210713-cvc55ag4yn 10

25-02-2021 06:56

210225-dwftz9jkjn 10

04-11-2019 11:15

191104-athqk1tjxn 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    update2.exe

  • Size

    746KB

  • Sample

    221228-zea5taef5v

  • MD5

    0bfb4a1efbb20a7291fcc022dec7d58b

  • SHA1

    faec2a0afe296224f980ac059cf63f18eba800ce

  • SHA256

    73ae67036a0d291c18208037010de359520cd613dda2f9eabfde3fec5558324f

  • SHA512

    eae0e585ef29f56f27da897783ec582b228124437a6355cfd7b56be229558913dfd87d3005482c0fe54ba8f5e79fb1d50f869bd0e619b0ca7318ac055c62b425

  • SSDEEP

    12288:dhhWltABHdeQEWngq+75M0m4Y3QxKmjKIiRCFhnquQI80BvaFViHM8:dhhQA5d4VMB4YQoiHnM0F

Score
10/10
qakbot1572863946bankerevasionpersistencestealertrojan

Malware Config

Extracted

Family

qakbot

Version

323.91

Campaign

1572863946

Credentials

  • Protocol:     ftp
  • Host:
    192.185.5.208
  • Port:
    21
  • Username:
    logger@dustinkeeling.com
  • Password:
    NxdkxAp4dUsY

  • Protocol:     ftp
  • Host:
    162.241.218.118
  • Port:
    21
  • Username:
    logger@misterexterior.com
  • Password:
    EcOV0DyGVgVN

  • Protocol:     ftp
  • Host:
    69.89.31.139
  • Port:
    21
  • Username:
    cpanel@vivekharris-architects.com
  • Password:
    fcR7OvyLrMW6!

  • Protocol:     ftp
  • Host:
    169.207.67.14
  • Port:
    21
  • Username:
    cpanel@dovetailsolar.com
  • Password:
    eQyicNLzzqPN
C2

112.171.126.153:443

67.200.146.98:2222

174.16.234.171:993

71.30.56.170:443

71.77.231.251:443

72.213.98.233:443

2.50.170.151:443

184.180.157.203:2222

96.35.170.82:2222

64.19.74.29:995

104.32.185.213:2222

104.3.91.20:995

173.22.120.11:2222

173.3.132.17:995

74.194.4.181:443

75.131.72.82:443

68.238.144.55:443

100.4.185.8:443

104.34.122.18:443

65.30.12.240:443

Targets

    • Target

      update2.exe

    • Size

      746KB

    • MD5

      0bfb4a1efbb20a7291fcc022dec7d58b

    • SHA1

      faec2a0afe296224f980ac059cf63f18eba800ce

    • SHA256

      73ae67036a0d291c18208037010de359520cd613dda2f9eabfde3fec5558324f

    • SHA512

      eae0e585ef29f56f27da897783ec582b228124437a6355cfd7b56be229558913dfd87d3005482c0fe54ba8f5e79fb1d50f869bd0e619b0ca7318ac055c62b425

    • SSDEEP

      12288:dhhWltABHdeQEWngq+75M0m4Y3QxKmjKIiRCFhnquQI80BvaFViHM8:dhhQA5d4VMB4YQoiHnM0F

    Score
    10/10
    qakbot1572863946bankerstealertrojanevasionpersistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Registry Run Keys / Startup Folder

1
T1060

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Disabling Security Tools

2
T1089

Modify Registry

3
T1112

Credential Access

Discovery

System Information Discovery

2
T1082

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

Remote System Discovery

1
T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks