Overview

overview

10

Static

static

1

73e4969db4...a8.dll

windows7-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    73e4969db4253f9aeb2cbc7462376fb7e26cc4bb5bd23b82e2af0eaaf5ae66a8

  • Size

    2.3MB

  • Sample

    240603-bz4qvsfh65

  • MD5

    74cf47683051f44e6fb55ac9360c717e

  • SHA1

    93b1ab0a9e70a546c4b89dcb20a158dfc90b1421

  • SHA256

    73e4969db4253f9aeb2cbc7462376fb7e26cc4bb5bd23b82e2af0eaaf5ae66a8

  • SHA512

    8425057a65e7f7e39956b8b245bdcaf2d2e827664ee34693cd055ac92f37d1b4f285bac3acc3be9df67d99b1ab8edd4602d7b7bc80ba9eecc2979b8ab37cbb72

  • SSDEEP

    49152:aRJVY7Gs7IvXK6eBTC28d97NSkkBL3HgogWmv:aRJAIHXSkkBbHgoHmv

Score
10/10
qakbotobama1501640256791bankerevasionstealertrojan

Malware Config

Extracted

Family

qakbot

Attributes
  • salt

    jHxastDcds)oMc=jvh7wdUhxcsdt2

Extracted

Family

qakbot

Version

403.10

Botnet

obama150

Campaign

1640256791

C2

96.21.251.127:2222

70.51.134.181:2222

69.14.172.24:443

186.64.87.213:443

94.62.161.77:995

103.139.242.30:990

114.79.148.170:443

217.164.247.241:2222

178.153.86.181:443

136.232.34.70:443

37.210.226.125:61202

173.21.10.71:2222

31.219.154.176:32101

140.82.49.12:443

32.221.229.7:443

24.152.219.253:995

106.51.48.170:50001

114.38.161.124:995

96.37.113.36:993

190.39.205.165:443
Attributes
  • salt

    jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

    • Target

      73e4969db4253f9aeb2cbc7462376fb7e26cc4bb5bd23b82e2af0eaaf5ae66a8

    • Size

      2.3MB

    • MD5

      74cf47683051f44e6fb55ac9360c717e

    • SHA1

      93b1ab0a9e70a546c4b89dcb20a158dfc90b1421

    • SHA256

      73e4969db4253f9aeb2cbc7462376fb7e26cc4bb5bd23b82e2af0eaaf5ae66a8

    • SHA512

      8425057a65e7f7e39956b8b245bdcaf2d2e827664ee34693cd055ac92f37d1b4f285bac3acc3be9df67d99b1ab8edd4602d7b7bc80ba9eecc2979b8ab37cbb72

    • SSDEEP

      49152:aRJVY7Gs7IvXK6eBTC28d97NSkkBL3HgogWmv:aRJAIHXSkkBbHgoHmv

    Score
    10/10
    qakbotobama1501640256791bankerevasionstealertrojan
    behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

1
T1053

Persistence

Scheduled Task/Job

1
T1053

Privilege Escalation

Scheduled Task/Job

1
T1053

Defense Evasion

Impair Defenses

1
T1562

Disable or Modify Tools

1
T1562.001

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks