General
-
Target
catalog-101660541.zip
-
Size
84KB
-
Sample
210423-t762m3ntbx
-
MD5
6e3aa606cb9e16bd78333b077c063ba6
-
SHA1
775de8891eff070b9830701f3424b864f6c35f30
-
SHA256
362649a8a5db8ab4cbd383ad8325a407a425458613e6508f6fdf10c5fd13da5d
-
SHA512
ba86ca54ede380b1193ead417d25fc2b968d098f19229b91e54c327f36a11c7b3577db61f0fa3d1dd00e977e3f09a090517867e8928caf9d4e00c4b85d946de1
Malware Config
Extracted
https://immobiliareneri.casa/drms/ind.html
https://gidbasket.com/drms/ind.html
Extracted
qakbot
402.12
tr
1618935072
140.82.49.12:443
190.85.91.154:443
96.37.113.36:993
71.41.184.10:3389
186.31.46.121:443
73.25.124.140:2222
109.12.111.14:443
24.229.150.54:995
45.32.211.207:443
45.77.117.108:443
45.77.117.108:8443
149.28.98.196:443
149.28.98.196:2222
144.202.38.185:443
144.202.38.185:995
45.32.211.207:995
207.246.116.237:995
149.28.99.97:995
45.63.107.192:2222
149.28.101.90:995
Targets
-
-
Target
catalog-101660541.xlsm
-
Size
109KB
-
MD5
65f4ca3b9c15bddd065d2ae31868c044
-
SHA1
ec8c10e4ea017dc1e2f4eaff64f7f78ac8bd7281
-
SHA256
8795349c5c77646383f490600a88d661dfb900b34f1e28d4c759b9d7d3a1e355
-
SHA512
d7c6019c2b9b6d06f86b7b6b27bf0c5d136c9d35774fd2f41cdad2eae1d3d506d117e1d0d3e36d52ddda04ccda8de9f107aa64f7a7b949fcebdea1e7e810464d
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Qakbot/Qbot
Qbot or Qakbot is a sophisticated worm with banking capabilities.
-
Loads dropped DLL
-