General
-
Target
41f07a0bd745cd45713adc628491ed50aec7176b168ad712dcd19f67f68a729d.zip
-
Size
618KB
-
Sample
210924-qdstsshag8
-
MD5
35a7201e89c8bdf053041792589cd12e
-
SHA1
0c3d2215ad68d32dafbd7efeb1e72a935c8e82f1
-
SHA256
e8e8915001ef3e27582e41f6d067cc24c46ab9cb7f1ec3c2e0d7f1362c0a1b31
-
SHA512
b863a12fabf8ac1f30e4842193e2dba411c92b78ebe213c0af62caa9b831c9b9981098bae2458bdd72717f7f6c4df19fba204d1d41269aad5eb1dca0a7c262ce
Malware Config
Extracted
qakbot
402.318
obama100
1632151873
45.46.53.140:2222
144.139.47.206:443
189.210.115.207:443
120.150.218.241:995
47.22.148.6:443
140.82.49.12:443
24.139.72.117:443
24.229.150.54:995
24.55.112.61:443
136.232.34.70:443
95.77.223.148:443
173.21.10.71:2222
76.25.142.196:443
96.37.113.36:993
71.74.12.34:443
73.151.236.31:443
67.165.206.193:993
109.12.111.14:443
68.204.7.158:443
105.198.236.99:443
Targets
-
-
Target
41f07a0bd745cd45713adc628491ed50aec7176b168ad712dcd19f67f68a729d.dll
-
Size
823KB
-
MD5
9ecefd1c12ac0a0c60adb48c91b5c538
-
SHA1
513038c602885d5a4c4a69a68f9ca254417ea6c6
-
SHA256
41f07a0bd745cd45713adc628491ed50aec7176b168ad712dcd19f67f68a729d
-
SHA512
55f05011c3109c9a841673eee6984d9a35b502605c3e22b3cb7a7acdbc346de78b5e5308a9ba646195b863a0639a93e01e4bc3d5eb4c9a092cbf61d1e0438d42
Score10/10-
Qakbot/Qbot
Qbot or Qakbot is a sophisticated worm with banking capabilities.
-
Loads dropped DLL
-
Drops file in System32 directory
-