General
-
Target
4a8e923c9cdd44e1a8f4a4962ac6d51e
-
Size
1.2MB
-
Sample
211022-wsla6abhf6
-
MD5
2b136149c73629d88dc48e8537ca03c5
-
SHA1
06cef49494f0d239f76f5aa011b9a08db6a41578
-
SHA256
615e6d39f293de56a632047eea507a7a05793285caf018e1b7fc1d6ce490bb1a
-
SHA512
79cf5b8ef4c2601db94b033492ef8dd0a670ae94220df908a13c5f2f0f2a8d08ec4d643545388fb43ee2f5e256483453afe294bfb446ab1f48861069bade9e9d
Malware Config
Extracted
qakbot
402.363
tr
1634905513
27.5.5.31:2222
136.143.11.232:443
68.186.192.69:443
117.198.157.160:443
108.4.67.252:443
207.246.112.221:995
105.198.236.99:995
37.208.181.198:61200
115.99.227.13:995
140.82.49.12:443
188.50.34.167:995
216.201.162.158:443
103.142.10.177:443
197.89.21.241:443
73.25.109.183:2222
81.250.153.227:2222
2.222.167.138:443
78.191.24.189:995
87.242.20.233:2222
89.101.97.139:443
-
salt
jHxastDcds)oMc=jvh7wdUhxcsdt2
Targets
-
-
Target
4a8e923c9cdd44e1a8f4a4962ac6d51e
-
Size
1.2MB
-
MD5
2b136149c73629d88dc48e8537ca03c5
-
SHA1
06cef49494f0d239f76f5aa011b9a08db6a41578
-
SHA256
615e6d39f293de56a632047eea507a7a05793285caf018e1b7fc1d6ce490bb1a
-
SHA512
79cf5b8ef4c2601db94b033492ef8dd0a670ae94220df908a13c5f2f0f2a8d08ec4d643545388fb43ee2f5e256483453afe294bfb446ab1f48861069bade9e9d
Score10/10-
Qakbot/Qbot
Qbot or Qakbot is a sophisticated worm with banking capabilities.
-
Windows security bypass
-
Loads dropped DLL
-