General
-
Target
document-1743692288.xls
-
Size
88KB
-
Sample
210218-pnw1z6fjv2
-
MD5
fa1f35763e1c13386feca469dd16a22b
-
SHA1
1cbfc5e62e085bba8366cc077dfc91923a8ceefd
-
SHA256
c9def02fd0b90810e1ac5af1906e461c8c1a5534ee19b5b2ce7aac77f2943b54
-
SHA512
31619aeebfdd1247252a9e3881c4ba5824b82558af2a814b1fe90b67b4403950f94f9ab02d968d30477031648cbf90c520b95f58f8beffa47952994a1c3b38dc
Malware Config
Extracted
https://miraclecollagen.co.za/ds/1802.gif
Extracted
qakbot
tr
1613385567
78.63.226.32:443
197.51.82.72:443
193.248.221.184:2222
95.77.223.148:443
71.199.192.62:443
77.211.30.202:995
80.227.5.69:443
77.27.204.204:995
81.97.154.100:443
173.184.119.153:995
38.92.225.121:443
81.150.181.168:2222
90.65.236.181:2222
83.110.103.152:443
73.153.211.227:443
188.25.63.105:443
89.137.211.239:995
202.188.138.162:443
98.173.34.212:995
87.202.87.210:2222
Targets
-
-
Target
document-1743692288.xls
-
Size
88KB
-
MD5
fa1f35763e1c13386feca469dd16a22b
-
SHA1
1cbfc5e62e085bba8366cc077dfc91923a8ceefd
-
SHA256
c9def02fd0b90810e1ac5af1906e461c8c1a5534ee19b5b2ce7aac77f2943b54
-
SHA512
31619aeebfdd1247252a9e3881c4ba5824b82558af2a814b1fe90b67b4403950f94f9ab02d968d30477031648cbf90c520b95f58f8beffa47952994a1c3b38dc
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Qakbot/Qbot
Qbot or Qakbot is a sophisticated worm with banking capabilities.
-
Loads dropped DLL
-