General
-
Target
sample-324887-0a7ab9da9997bf3f75ec4549a9b9daf0.zip
-
Size
133KB
-
Sample
201205-2qd6xkqxgx
-
MD5
4baa3fa2bc6c6a5058e369232a4b2cdc
-
SHA1
32fa18326909effcaaa8c5a91fa9403e4eb93001
-
SHA256
8edc4c2dd797397d883e6f73866939f182dde407b270ae7655b17bf55dfb0902
-
SHA512
e25f8655bfd686c0266976df07e4a02269972e83ecd41e31e33e2fb1e54608a91d2a14b97899ad82cf94542b00cff8dc96a461844af3aa6a54057bcfdb159fe1
Malware Config
Extracted
smokeloader
2020
http://cent.live/
Extracted
qakbot
tr01
1604997522
122.61.213.85:443
2.50.89.119:995
189.183.201.0:443
86.98.145.152:2222
96.241.66.126:443
90.101.117.122:2222
94.69.112.148:2222
81.150.181.168:2222
82.127.125.209:2222
81.214.126.173:2222
86.140.82.116:20
172.87.157.235:443
176.181.247.197:443
78.97.110.47:443
5.15.90.117:2222
41.206.131.156:443
151.73.112.67:443
82.127.125.209:990
197.45.110.165:995
81.133.234.36:2222
Targets
-
-
Target
Vuu0hnOqjF.exe
-
Size
340KB
-
MD5
0a7ab9da9997bf3f75ec4549a9b9daf0
-
SHA1
d5ffba8afc0cccf2a3194c572db74605dd8879d3
-
SHA256
1a78aaf6aae3b9d9a32dc6c8cfe9182043f71a3d44e727464ab95a70fc24bbe8
-
SHA512
3f03bd23458e05469df1623e55a71b6bdad1c7a9af2bf8e7f8750406bd17e759d8b1049ed1531aeee9da503fa86d692bc29ec1a94126be6ff20b647e2840ffbe
Score10/10-
Qakbot/Qbot
Qbot or Qakbot is a sophisticated worm with banking capabilities.
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Executes dropped EXE
-
Deletes itself
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-