General
-
Target
document-1667641715.xls
-
Size
331KB
-
Sample
201127-6mnajc5f8n
-
MD5
4def4a85970d84f28f183b566edf4e12
-
SHA1
8b82bfda8155e60b72fab4c36c8a51131f85cce6
-
SHA256
63fb46ea82f83b08541b2e8e4088f5f8671c49f3e4797118c0619d152978c8f9
-
SHA512
2409e33676203f6a9d4e46101c3a7dcb3835e7c08c292d47c1e820444e68698f8751f7276f5aa3a0b3600f6c4f6b030f9b156eb3cffd99168fe012e099646dac
Malware Config
Extracted
qakbot
tr02
1606301054
59.98.96.143:443
86.122.248.164:2222
101.185.175.169:2222
71.187.170.235:443
92.59.35.196:2222
188.52.193.110:995
90.175.88.99:2222
37.107.111.46:995
96.237.141.134:995
2.50.143.154:2078
109.205.204.229:2222
90.101.62.189:2222
41.228.220.155:443
190.128.215.174:443
188.26.243.119:443
79.113.247.80:443
82.76.47.211:443
73.248.120.240:443
72.36.59.46:2222
74.129.26.119:443
Targets
-
-
Target
document-1667641715.xls
-
Size
331KB
-
MD5
4def4a85970d84f28f183b566edf4e12
-
SHA1
8b82bfda8155e60b72fab4c36c8a51131f85cce6
-
SHA256
63fb46ea82f83b08541b2e8e4088f5f8671c49f3e4797118c0619d152978c8f9
-
SHA512
2409e33676203f6a9d4e46101c3a7dcb3835e7c08c292d47c1e820444e68698f8751f7276f5aa3a0b3600f6c4f6b030f9b156eb3cffd99168fe012e099646dac
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Qakbot/Qbot
Qbot or Qakbot is a sophisticated worm with banking capabilities.
-
Loads dropped DLL
-