General
-
Target
5932c8742b819a8112fabdc0b9db1811
-
Size
217KB
-
Sample
200520-6dennfkhza
-
MD5
5932c8742b819a8112fabdc0b9db1811
-
SHA1
207adef0130ed8574f5de2a9a94a796c06e04951
-
SHA256
4bd9bde3970fb7ae3fefb0c70d36a4e1da7ef94b4fb0cb7b867835bbc7373d98
-
SHA512
53cafd5425a8b4430a336308e2e0feac7b11c12754ee97f493a5cc0de69d491efb4b28fe967063272d2ebb32c3155f50443f2bb0496b9a44c5ebe6c2414253b3
Malware Config
Extracted
qakbot
spx123
1589977350
71.77.252.14:2222
174.130.225.61:443
76.187.97.98:2222
187.19.151.218:995
82.127.193.151:2222
72.204.242.138:993
72.204.242.138:993
66.208.105.6:443
24.183.39.93:443
98.243.187.85:443
68.49.120.179:443
72.204.242.138:995
72.29.181.77:2078
72.204.242.138:443
24.136.33.120:2222
96.56.237.174:990
107.2.148.99:443
216.201.162.158:443
71.213.29.14:995
84.247.55.190:443
Targets
-
-
Target
Darlehensvertrag_237886470423_19052020.vbs
-
Size
36.3MB
-
MD5
a6eb9d904fc5eddda76ad4f9cf678e03
-
SHA1
c370a3c9e108ae2452dfdedc91a2aa04634c7002
-
SHA256
dfacae17a54e54e9b25d77399619859ed6b196318bd06341c22c7a8b4a090254
-
SHA512
c00ac4ecaf2623ac4eb4d47191b3b0608d80bd3da552310652a2ccbc306b408f8c0d6d9e3f35208e2ad93b0c7a872ff8c055db7f2a3ecbb259ae639b55d780fb
Score10/10-
Qakbot/Qbot
Qbot or Qakbot is a sophisticated worm with banking capabilities.
-
Blacklisted process makes network request
-
Executes dropped EXE
-
Loads dropped DLL
-