Overview

overview

10

Static

static

10

userapi.dll

windows10-1703-x64

10

userapi.dll

windows10-2004-x64

10

userapi.dll

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    userapi.dll

  • Size

    167KB

  • Sample

    240422-tqd3ysdc67

  • MD5

    ce75519a7d251a187dbd7e72b53b093a

  • SHA1

    fa103591148ab8478a84ce25db28ece2e678bd02

  • SHA256

    59559e97962e40a15adb2237c4d01cfead03623aff1725616caeaa5a8d273a35

  • SHA512

    d40da7049f41ddb6b2e6bb751405385256fd9465101ebcf7af8441f8ffa4733df8528ea6312ca6c3d7e57b1365c4c472215865b978f17ccd11deb13b8bdbf5c8

  • SSDEEP

    3072:GeWBsy+tW4we6Ygz5vEEFV6Q+S19N+sqoi7geA7y9utB5t:GeWBsRE/dYw5FMkj+sNiTA7ptB

Score
10/10
qakbottchk081710958492bankerstealertrojan

Malware Config

Extracted

Family

qakbot

Botnet

tchk08

Campaign

1710958492

C2

77.105.162.176:995

31.210.173.10:443

5.252.177.195:443
Attributes
  • camp_date

    2024-03-20 18:14:52 +0000 UTC

Targets

    • Target

      userapi.dll

    • Size

      167KB

    • MD5

      ce75519a7d251a187dbd7e72b53b093a

    • SHA1

      fa103591148ab8478a84ce25db28ece2e678bd02

    • SHA256

      59559e97962e40a15adb2237c4d01cfead03623aff1725616caeaa5a8d273a35

    • SHA512

      d40da7049f41ddb6b2e6bb751405385256fd9465101ebcf7af8441f8ffa4733df8528ea6312ca6c3d7e57b1365c4c472215865b978f17ccd11deb13b8bdbf5c8

    • SSDEEP

      3072:GeWBsy+tW4we6Ygz5vEEFV6Q+S19N+sqoi7geA7y9utB5t:GeWBsRE/dYw5FMkj+sNiTA7ptB

    Score
    10/10
    qakbottchk081710958492bankerstealertrojan

    • Detect Qakbot Payload

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

      trojanbankerstealerqakbot
    behavioral1behavioral2behavioral3

MITRE ATT&CK Enterprise v15

Tasks