General
-
Target
C.137675
-
Size
3.4MB
-
Sample
210218-q9ggc4mgns
-
MD5
4c35956aafde8bc2c58868baa53db923
-
SHA1
53def6e75c769a4d2e874ccac24aa4b0261d90d1
-
SHA256
53b4b521ba57363330e4113c1b1883168441d95ed5db2f06438bd2e5e3ddb5e1
-
SHA512
8d05424d6f01f1139918b17b9986125ad3788c5ddebfce100795767931a4e9f6a1b96a30717487da0730c46fc895832c37d460c27ccab9f31d064982c1054096
Malware Config
Extracted
qakbot
notset
1596817234
Protocol: ftp- Host:
192.185.5.208 - Port:
21 - Username:
logger@dustinkeeling.com - Password:
NxdkxAp4dUsY
Protocol: ftp- Host:
162.241.218.118 - Port:
21 - Username:
logger@misterexterior.com - Password:
EcOV0DyGVgVN
Protocol: ftp- Host:
69.89.31.139 - Port:
21 - Username:
cpanel@vivekharris-architects.com - Password:
fcR7OvyLrMW6!
Protocol: ftp- Host:
169.207.67.14 - Port:
21 - Username:
cpanel@dovetailsolar.com - Password:
eQyicNLzzqPN
47.44.217.98:443
86.97.146.204:2222
65.60.228.130:443
216.201.162.158:443
94.59.24.79:995
108.46.145.30:443
24.139.132.70:443
47.206.174.82:443
188.52.106.206:20
72.204.242.138:6881
173.173.72.199:443
71.163.224.206:443
63.155.9.141:995
100.34.195.237:443
47.39.177.171:2222
96.20.108.17:2222
115.21.224.117:443
70.164.39.91:443
45.47.65.191:443
207.155.107.111:443
Targets
-
-
Target
C.137675
-
Size
3.4MB
-
MD5
4c35956aafde8bc2c58868baa53db923
-
SHA1
53def6e75c769a4d2e874ccac24aa4b0261d90d1
-
SHA256
53b4b521ba57363330e4113c1b1883168441d95ed5db2f06438bd2e5e3ddb5e1
-
SHA512
8d05424d6f01f1139918b17b9986125ad3788c5ddebfce100795767931a4e9f6a1b96a30717487da0730c46fc895832c37d460c27ccab9f31d064982c1054096
Score10/10-
Qakbot/Qbot
Qbot or Qakbot is a sophisticated worm with banking capabilities.
-
Executes dropped EXE
-
Loads dropped DLL
-