Overview

overview

10

Static

static

10

1712-57-0x...ry.dll

windows7-x64

1

1712-57-0x...ry.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1712-57-0x0000000002FD0000-0x0000000002FF3000-memory.dmp

  • Size

    140KB

  • Sample

    230314-v7mxvsgg98

  • MD5

    ec48627b616c7a743f144f720bb07a1b

  • SHA1

    1924e872f54c76d509ec38b587dfbbadb76d7d8f

  • SHA256

    1e9172c3abcedda7b783e287c84fa5bc6a8dad890bcada99d77f7b8f7f53a27c

  • SHA512

    ef860fb3116628eda3ad85ea1a59481dd4997624d76ab27f7e28d0857cd9679be3e43e2deab2b4c7f925ccd9b6f7e776fb44afc47bf3f107ae96d4412ae5bd91

  • SSDEEP

    3072:qPm6Sfu8DIWSt7h/ByAsJVcpbATBfP81/BImin:9IWW7DXsJOpbATBH8FBR

Score
10/10
qakbotobama2421678805546

Malware Config

Extracted

Family

qakbot

Version

404.266

Botnet

obama242

Campaign

1678805546

C2

92.239.81.124:443

176.202.46.81:443

2.49.58.47:2222

86.225.214.138:2222

74.66.134.24:443

213.31.90.183:2222

12.172.173.82:50001

202.187.87.178:995

70.53.96.223:995

92.154.45.81:2222

186.64.67.54:443

81.158.112.20:2222

190.191.35.122:443

68.173.170.110:8443

12.172.173.82:993

98.145.23.67:443

12.172.173.82:22

37.186.55.60:2222

84.216.198.124:6881

73.161.176.218:443
Attributes
  • salt

    SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

    • Target

      1712-57-0x0000000002FD0000-0x0000000002FF3000-memory.dmp

    • Size

      140KB

    • MD5

      ec48627b616c7a743f144f720bb07a1b

    • SHA1

      1924e872f54c76d509ec38b587dfbbadb76d7d8f

    • SHA256

      1e9172c3abcedda7b783e287c84fa5bc6a8dad890bcada99d77f7b8f7f53a27c

    • SHA512

      ef860fb3116628eda3ad85ea1a59481dd4997624d76ab27f7e28d0857cd9679be3e43e2deab2b4c7f925ccd9b6f7e776fb44afc47bf3f107ae96d4412ae5bd91

    • SSDEEP

      3072:qPm6Sfu8DIWSt7h/ByAsJVcpbATBfP81/BImin:9IWW7DXsJOpbATBH8FBR

    Score
    3/10
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks