General
-
Target
ed788117795858a1ed999a41ba5df575.zip
-
Size
174KB
-
Sample
210226-f3ex4h3fka
-
MD5
9cb3e1cf756df92c708b1e291688c160
-
SHA1
134883ceb4445f335b65a0bb4e396b7f28c930aa
-
SHA256
94382a2fd57206ff106d69deb0c8ccdc8acb1d9002f9811cc34e18511108b658
-
SHA512
55f9e34f1de64800f565778e0a4eb4a7266e0f5ff4dc8f6465771e84c8dae07da1ebc303b1ea946bdb09cca91614b1ac436f0163f022db4aba2bbd4fd1a16429
Malware Config
Extracted
qakbot
obama07
1614243368
71.163.223.159:443
87.202.87.210:2222
98.192.185.86:443
78.180.179.136:443
115.133.243.6:443
140.82.49.12:443
2.7.116.188:2222
83.110.11.244:2222
187.250.39.162:443
213.60.147.140:443
188.26.91.212:443
86.236.77.68:2222
172.87.157.235:3389
79.115.174.55:443
113.22.175.141:443
217.133.54.140:32100
83.110.109.106:2222
176.181.247.197:443
59.90.246.200:443
173.21.10.71:2222
Targets
-
-
Target
ed788117795858a1ed999a41ba5df575
-
Size
367KB
-
MD5
ed788117795858a1ed999a41ba5df575
-
SHA1
a5aa717d87fcd1e517872413667186920f878f12
-
SHA256
a30305671db6f28ac5f207fcbb6ebbde80e3f27eb87d0cd708bf03907a026109
-
SHA512
06f5161469c95b91992ab44a614b148a0ccecd3ec29e092b88ce162b6be86c02f06e9777c1a99215a7f5c1c74612f67c1b549247de8e4b00c6ed1b165423bf03
Score10/10-
Qakbot/Qbot
Qbot or Qakbot is a sophisticated worm with banking capabilities.
-
Loads dropped DLL
-