General
-
Target
uxx1.ocx.zip
-
Size
723KB
-
Sample
220125-pm286affgj
-
MD5
8013f3e165a62931b6d20f8b621b2cce
-
SHA1
42e285cff1aec024c76545060df570419e64c89b
-
SHA256
4f40db8f7c96f3cbd38de000c8b8818dae8145e533ff2bd1dba2cfa05ceb8885
-
SHA512
0726d5202d558cad6d14a3f97b2a996b8aa8b0306ad680550bcbcfedc6fc034e48e2b9ecbfb2cc68a6b732392b513ac5227b31ed49ad08fabd4328a03db6550d
Malware Config
Extracted
qakbot
403.10
tr
1643025307
103.143.8.71:6881
37.210.172.200:2222
136.143.11.232:443
190.73.3.148:2222
78.101.147.76:61202
82.152.39.39:443
65.100.174.110:995
65.100.174.110:443
111.125.245.116:995
117.248.109.38:21
31.215.99.178:443
103.142.10.177:443
39.49.110.129:995
86.97.246.244:1194
68.204.7.158:443
217.128.93.27:2222
144.86.28.125:443
94.59.253.222:2222
120.150.218.241:995
185.249.85.209:443
-
salt
jHxastDcds)oMc=jvh7wdUhxcsdt2
Targets
-
-
Target
uxx1.ocx
-
Size
1.7MB
-
MD5
b98cfc4a01cdc1add2ab5c88d2c5f647
-
SHA1
7e3f7a6df7d4ac26d327ea89d02bde73823be8d5
-
SHA256
3f7ac7e2b3fabce551c96515d807d2cd23c3de0cc0870ef2df363e2b02b04aba
-
SHA512
835298e1755176b7283b70bad63deb69ef2008132b8ecc262056a444bf79a5bf608d8b6929f6c0578d559e1b575d50af0cdd32559e6ad3c7dec00197c5a4dfab
Score10/10-
Qakbot/Qbot
Qbot or Qakbot is a sophisticated worm with banking capabilities.
-
Windows security bypass
-
Loads dropped DLL
-