Overview

overview

10

Static

static

10

1448-54-0x...ry.dll

windows7-x64

1

1448-54-0x...ry.dll

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1448-54-0x0000000010000000-0x0000000010023000-memory.dmp

  • Size

    140KB

  • Sample

    240302-wcq7gaff4x

  • MD5

    4973e7a918a6e0213643607c5a1cd5f6

  • SHA1

    8db5ed13fe790a02c0e59d69bc056e675270bb74

  • SHA256

    97fecdf6b1ef1a0dfac6b8ee72330ad5393b33290067b443c62315ab9885e2ae

  • SHA512

    8f7057f1b4a55fdabe39a7b9bb636e7c92e2874ccbd0284fbf9f31ef442f5c30b725789bb37fe378881b7fc09766b01002c0633da25671e60813fb4d735a1a51

  • SSDEEP

    3072:eaYogKI1keZwRYc/XCggn9wSAUJ2yn3zwTBfP1W8LEN:efZwR1Cgg9w3UJHn3zwTBH1S

Score
10/10
qakbotbb191678774690

Malware Config

Extracted

Family

qakbot

Version

404.246

Botnet

BB19

Campaign

1678774690

C2

81.229.117.95:2222

67.248.21.32:443

47.34.30.133:443

49.175.72.7:443

76.80.180.154:995

24.117.237.157:443

35.143.97.145:995

92.1.170.110:995

105.186.229.59:995

183.87.163.165:443

76.170.252.153:995

136.232.184.134:995

86.10.146.216:443

109.158.144.102:995

50.68.204.71:995

80.1.152.201:443

71.65.145.108:443

12.172.173.82:465

72.80.7.6:50003

184.153.132.82:443
Attributes
  • salt

    SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

    • Target

      1448-54-0x0000000010000000-0x0000000010023000-memory.dmp

    • Size

      140KB

    • MD5

      4973e7a918a6e0213643607c5a1cd5f6

    • SHA1

      8db5ed13fe790a02c0e59d69bc056e675270bb74

    • SHA256

      97fecdf6b1ef1a0dfac6b8ee72330ad5393b33290067b443c62315ab9885e2ae

    • SHA512

      8f7057f1b4a55fdabe39a7b9bb636e7c92e2874ccbd0284fbf9f31ef442f5c30b725789bb37fe378881b7fc09766b01002c0633da25671e60813fb4d735a1a51

    • SSDEEP

      3072:eaYogKI1keZwRYc/XCggn9wSAUJ2yn3zwTBfP1W8LEN:efZwR1Cgg9w3UJHn3zwTBH1S

    Score
    1/10
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks