General

  • Target

    wermgr_exe_PID6fa4_hiddenmodule_2A20000_x86.dll

  • Size

    144KB

  • Sample

    230209-2gv9wahd31

  • MD5

    14e3e1675e6be10b760d65836776eeb1

  • SHA1

    3f194bd49add35dd0c673d0d6152d85c28674000

  • SHA256

    3096fc663f6ad5bc36aa4cb7ee5cb8d4755321c0af145ec4831d053ca45d0248

  • SHA512

    58180b8f04c20b0940f0d010d1a569990efdb1637a81d1c9beea8eea315ca1dbeffc2e6ef276de53652ae6b6df1d5ad09cd92e92b4288ae794bb53cfc51f0b70

  • SSDEEP

    3072:ZgeCJjUDtMvJRj8b4KwneMEAvJJgLAfTBfPOKs:4UDtMRF8b4KJMRvJqLAfTBHOK

Score
10/10

Malware Config

Extracted

  • Family

    qakbot

  • Version

    404.432

  • Botnet

    BB12

  • Campaign

    1675417198

  • C2

    12.172.173.82:995
    12.172.173.82:2087
    50.68.204.71:443
    84.215.202.22:443
    98.175.176.254:995
    184.155.91.69:443
    50.68.186.195:443
    183.87.163.165:443
    172.248.42.122:443
    93.156.100.20:443
    102.156.32.143:443
    50.60.157.175:995
    75.143.236.149:443
    69.133.162.35:443
    105.184.159.165:995
    130.43.172.217:2222
    82.36.36.76:443
    73.223.248.31:443
    202.142.98.62:443
    73.161.176.218:443

  • Attributes

    salt: SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

    • Target

      wermgr_exe_PID6fa4_hiddenmodule_2A20000_x86.dll

    • Size

      144KB

    • MD5

      14e3e1675e6be10b760d65836776eeb1

    • SHA1

      3f194bd49add35dd0c673d0d6152d85c28674000

    • SHA256

      3096fc663f6ad5bc36aa4cb7ee5cb8d4755321c0af145ec4831d053ca45d0248

    • SHA512

      58180b8f04c20b0940f0d010d1a569990efdb1637a81d1c9beea8eea315ca1dbeffc2e6ef276de53652ae6b6df1d5ad09cd92e92b4288ae794bb53cfc51f0b70

    • SSDEEP

      3072:ZgeCJjUDtMvJRj8b4KwneMEAvJJgLAfTBfPOKs:4UDtMRF8b4KJMRvJqLAfTBHOK

    Score
    3/10

MITRE ATT&CK Matrix

Tasks