General

  • Target

    myufn.dll

  • Size

    812KB

  • Sample

    230203-p5cq8aah3x

  • MD5

    ab774bc383c2873262b3d0e7053dc464

  • SHA1

    887c14c6ea122c04bc821a727fc3c439c7b1846d

  • SHA256

    c5701af10df111f738ed461f5b071c4165ad6e26446a21daea8accb769b55f26

  • SHA512

    f5be764506ef200507e42e78bb866f3365db256fddd00bc1dcca24f663b391309561a423d8f394da6388248f952cc0fb64907f802d81040e53e4bda8d1801d8e

  • SSDEEP

    24576:sikjPg+4QceLhb6fMYaq4RPaOFmyjAjX:Bk0YBq6fjqX

Malware Config

Extracted

Family

qakbot

Version

404.432

Botnet

BB12

Campaign

1675161160

C2

114.143.176.234:443

88.126.94.4:50000

103.252.7.228:443

87.10.205.117:443

82.15.58.109:2222

72.80.7.6:995

90.162.45.154:2222

47.34.30.133:443

50.68.204.71:993

112.141.184.246:995

73.165.119.20:443

91.169.12.198:32100

173.18.126.3:443

87.56.238.53:443

85.241.180.94:443

12.172.173.82:50001

92.154.17.149:2222

103.42.86.246:995

12.172.173.82:990

91.254.132.23:443

Attributes
  • salt

    SoNuce]ugdiB3c[doMuce2s81*uXmcvP
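The extracted config above is directly actionable. The following Python script, added here and not part of the sandbox report or of any Qakbot tooling, parses the C2 list (rejecting malformed entries rather than dropping them), decodes the campaign value as a Unix timestamp, separates the non-443 ports that are easy to block at an egress filter, emits one Suricata rule per ip:port pair, and checks Zeek-style conn.log lines against the C2 pairs. The botnet, version, campaign value and C2 list are copied from the config above; the conn.log lines, the benign 203.0.113.10 address and the SID base 9000000 are constructed assumptions.

```python
# Added example for this report (not sandbox or malware code): turn the
# extracted Qakbot config into hunting artifacts. BOTNET, VERSION,
# CAMPAIGN_EPOCH and C2_RAW are copied from the config above; the conn-log
# lines and the Suricata SID range are constructed for the demo.
from datetime import datetime, timezone
import ipaddress

BOTNET = "BB12"
VERSION = "404.432"
CAMPAIGN_EPOCH = 1675161160
C2_RAW = """
114.143.176.234:443
88.126.94.4:50000
103.252.7.228:443
87.10.205.117:443
82.15.58.109:2222
72.80.7.6:995
90.162.45.154:2222
47.34.30.133:443
50.68.204.71:993
112.141.184.246:995
73.165.119.20:443
91.169.12.198:32100
173.18.126.3:443
87.56.238.53:443
85.241.180.94:443
12.172.173.82:50001
92.154.17.149:2222
103.42.86.246:995
12.172.173.82:990
91.254.132.23:443
"""

def parse_c2(raw):
    """Parse 'ip:port' entries; malformed ones raise instead of vanishing."""
    entries = []
    for token in raw.split():
        host, sep, port = token.rpartition(":")
        if not sep:
            raise ValueError(f"no port in C2 entry: {token!r}")
        ip = ipaddress.ip_address(host)  # raises on anything that is not an IP
        port = int(port)
        if not 0 < port < 65536:
            raise ValueError(f"bad port in C2 entry: {token!r}")
        entries.append((str(ip), port))
    return entries

def campaign_time(epoch):
    """Qakbot's campaign value is a Unix timestamp; decode it as UTC."""
    return datetime.fromtimestamp(epoch, tz=timezone.utc)

def unique_ips(c2):
    """Distinct C2 hosts (one address can be listed on several ports)."""
    return sorted({ip for ip, _ in c2}, key=ipaddress.ip_address)

def non_https_ports(c2):
    """C2 ports other than 443: the cheap egress-filter wins."""
    return sorted({port for _, port in c2 if port != 443})

def suricata_rules(c2, sid_base):
    """One alert per ip:port pair; sid_base is an assumed local SID range."""
    return [
        f'alert tcp $HOME_NET any -> {ip} {port} (msg:"Qakbot {BOTNET} C2 '
        f'{ip}:{port}"; flow:to_server; classtype:trojan-activity; '
        f'sid:{sid_base + n}; rev:1;)'
        for n, (ip, port) in enumerate(c2)
    ]

def match_conn_log(c2, lines):
    """Return (src, dst, dport) for Zeek-style conn.log lines hitting a C2 pair.

    Columns assumed: ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto.
    """
    wanted = set(c2)
    hits = []
    for line in lines:
        fields = line.rstrip("\n").split("\t")
        if len(fields) < 7 or fields[0].startswith("#"):
            continue  # header or truncated line
        src, dst, dport = fields[2], fields[4], fields[5]
        if dport.isdigit() and (dst, int(dport)) in wanted:
            hits.append((src, dst, int(dport)))
    return hits

# Constructed conn.log sample: two C2 contacts and one benign TEST-NET-3 flow.
SAMPLE_CONN_LOG = [
    "1675431000.123\tCa1b2c\t10.0.0.15\t51234\t12.172.173.82\t50001\ttcp",
    "1675431001.456\tCd3e4f\t10.0.0.15\t51235\t203.0.113.10\t443\ttcp",
    "1675431002.789\tCg5h6i\t10.0.0.22\t51240\t88.126.94.4\t50000\ttcp",
]

if __name__ == "__main__":
    c2 = parse_c2(C2_RAW)
    print(f"Qakbot {BOTNET} {VERSION}, campaign {campaign_time(CAMPAIGN_EPOCH):%Y-%m-%d %H:%M:%S} UTC")
    print(f"{len(c2)} pairs, {len(unique_ips(c2))} hosts, non-443 ports {non_https_ports(c2)}")
    for hit in match_conn_log(c2, SAMPLE_CONN_LOG):
        print("C2 contact:", hit)
    print(suricata_rules(c2, 9000000)[0])
```

Two details worth noticing when running it: 12.172.173.82 is listed twice (ports 50001 and 990), so blocking by host yields 19 addresses rather than 20 rules, and the campaign value decodes to 2023-01-31 UTC, a few days before the sample ID date, which is the usual relationship between a Qakbot build and its first submissions.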

Targets

    • Target

      myufn.dll

    • Size

      812KB

    • MD5

      ab774bc383c2873262b3d0e7053dc464

    • SHA1

      887c14c6ea122c04bc821a727fc3c439c7b1846d

    • SHA256

      c5701af10df111f738ed461f5b071c4165ad6e26446a21daea8accb769b55f26

    • SHA512

      f5be764506ef200507e42e78bb866f3365db256fddd00bc1dcca24f663b391309561a423d8f394da6388248f952cc0fb64907f802d81040e53e4bda8d1801d8e

    • SSDEEP

      24576:sikjPg+4QceLhb6fMYaq4RPaOFmyjAjX:Bk0YBq6fjqX

    • Qakbot/Qbot

      Qbot or Qakbot is a banking trojan and malware loader with worm-like spreading capabilities.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser profile data, which can include saved credentials, cookies and autofill form data.

    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v6)

Persistence

  • Registry Run Keys / Startup Folder (T1060): 1 signature

Defense Evasion

  • Modify Registry (T1112): 1 signature

Credential Access

  • Credentials in Files (T1081): 1 signature

Discovery

  • Query Registry (T1012): 1 signature

  • System Information Discovery (T1082): 1 signature

Collection

  • Data from Local System (T1005): 1 signature
