General
-
Target
444444.png
-
Size
2.3MB
-
Sample
200526-xk49bs3f4x
-
MD5
f8849261a9db65164958d8c99ebc1f13
-
SHA1
004818f4c927ba99a0694fd94cc754dd4df731fd
-
SHA256
ec38eb6ee133958ef6cc3bfa257d9368c615b3182d22282f63d12ca7f2b2c5be
-
SHA512
7532e2943353bc7c38b54c7c128f27cccc41cfc2e5dfc86cd899de5c50b1af102f2dbd6648086a9d2d8b38797c27b6555fb2803594e2b7d1de266418e0b86bde
Malware Config
Extracted
qakbot
spx96
1586873043
72.209.191.27:443
173.22.120.11:2222
108.227.161.27:995
172.87.134.226:443
181.197.195.138:995
98.21.52.194:443
76.180.69.236:443
68.98.142.248:443
68.52.164.175:443
39.59.63.142:995
35.142.126.181:443
96.35.170.82:2222
75.111.145.5:443
47.214.144.253:443
74.105.139.160:443
67.8.103.21:443
50.108.212.180:443
83.25.7.201:2222
188.25.237.208:443
184.167.2.251:2222
Targets
-
-
Target
444444.png
-
Size
2.3MB
-
MD5
f8849261a9db65164958d8c99ebc1f13
-
SHA1
004818f4c927ba99a0694fd94cc754dd4df731fd
-
SHA256
ec38eb6ee133958ef6cc3bfa257d9368c615b3182d22282f63d12ca7f2b2c5be
-
SHA512
7532e2943353bc7c38b54c7c128f27cccc41cfc2e5dfc86cd899de5c50b1af102f2dbd6648086a9d2d8b38797c27b6555fb2803594e2b7d1de266418e0b86bde
Score10/10-
Qakbot/Qbot
Qbot or Qakbot is a sophisticated worm with banking capabilities.
-
Windows security bypass
-
Executes dropped EXE
-
Turns off Windows Defender SpyNet reporting
-
Loads dropped DLL
-
Windows security modification
-
Adds Run entry to start application
-