General
-
Target
claim (93).zip
-
Size
15KB
-
Sample
210218-jhpadc8l56
-
MD5
7b5cb946a6d08389ea7642b2e6945cff
-
SHA1
9b26da1f955a7c0009c0b857f9430c56f070a6c5
-
SHA256
50262dd5d3fb500fb179039794e8734c2e79e05f6b763ea2c16f73cd055192df
-
SHA512
a809a3be5462471f6bc329939efe03b2291b4299f44135a0738f806de46462bee1e330f69f0d347878e59d12a82b20b462ba3bc17389f62808665237f765d1ba
Malware Config
Extracted
https://marcostrombetta.com.br/ds/1802.gif
Extracted
qakbot
tr
1613385567
78.63.226.32:443
197.51.82.72:443
193.248.221.184:2222
95.77.223.148:443
71.199.192.62:443
77.211.30.202:995
80.227.5.69:443
77.27.204.204:995
81.97.154.100:443
173.184.119.153:995
38.92.225.121:443
81.150.181.168:2222
90.65.236.181:2222
83.110.103.152:443
73.153.211.227:443
188.25.63.105:443
89.137.211.239:995
202.188.138.162:443
98.173.34.212:995
87.202.87.210:2222
Targets
-
-
Target
document-1692717528.xls
-
Size
88KB
-
MD5
4a775f6986621d7ef8279cb2a357e9c4
-
SHA1
4e7858505fad3da989137fd7bff246ac059ed256
-
SHA256
6fd7a7bdc82d2752c521a6da37b990ea143889e0fc6a638d0151f6a6bebb472d
-
SHA512
451abf1ff0b8e1087dc37d0b0d74f647bccb29f3797c810b699a1be7d1cf1fb8c950751118fab939a3bf45d8a81dbe2de5c26c2173e1be205235ddcca2d7cd61
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Qakbot/Qbot
Qbot or Qakbot is a sophisticated worm with banking capabilities.
-
Loads dropped DLL
-