lhuft.exe
717KB
200109-pvvhk66ab2
fb95f25c5c1b96f226c78f614509f1f7
e43db8ac3015dd16a9a74eed6642b9b85dfd1c92
7f90029d8bb4d49d1001a65f4d139f1a2b630b420e5caf4315e5d3da43d603b2
ae1c4c93dc5ad50a9a3d7a5d70ef3ab405f8f6b936b56324034329318699124c746a6440fdd61f1df4531e86fc67f4f243e772fc2df7f70947eca6f1d7fecfe2
Extracted
Family | qakbot |
Campaign | 1577715876 |
C2 |
Signatures
- Turn off Windows Defender SpyNet reporting
- Loads dropped DLL
- Executes dropped EXE
- Windows security bypass
- Adds Run entry to start application
TTPs
- Qakbot/Qbot
Description
Qbot or Qakbot is a sophisticated worm with banking capabilities.