General
-
Target
cbbecef5b620ef3a99a06c424a63cff6f95f852dcfe3120e24cc465e1db5103e
-
Size
2.0MB
-
Sample
220205-l2qbcsadeq
-
MD5
17469e7e08cdc0d7a81b8ce22fe547eb
-
SHA1
7b1e01cf50b427b7f6c08abcf6ab52aefeb30810
-
SHA256
cbbecef5b620ef3a99a06c424a63cff6f95f852dcfe3120e24cc465e1db5103e
-
SHA512
f268790e60500807918be6c97795a000d1343abf7eb5d27843531dbcc6d8a2f8444e8a36477d5c9b2177b732a3e0103fd733ba0547993e7fb9e305e405245e10
Malware Config
Extracted
qakbot
324.127
spx107
1588082813
97.81.255.189:443
67.8.103.21:443
47.232.26.181:443
50.104.67.101:443
173.172.205.216:443
108.188.46.240:995
96.35.170.82:2222
70.95.94.91:2222
72.204.242.138:6881
72.231.224.122:2222
73.137.187.150:443
73.123.16.215:443
71.213.29.14:995
209.182.121.133:2222
82.210.157.185:443
69.47.26.41:443
86.122.7.89:443
71.187.170.235:443
79.113.46.93:443
74.134.4.236:443
Targets
-
-
Target
cbbecef5b620ef3a99a06c424a63cff6f95f852dcfe3120e24cc465e1db5103e
-
Size
2.0MB
-
MD5
17469e7e08cdc0d7a81b8ce22fe547eb
-
SHA1
7b1e01cf50b427b7f6c08abcf6ab52aefeb30810
-
SHA256
cbbecef5b620ef3a99a06c424a63cff6f95f852dcfe3120e24cc465e1db5103e
-
SHA512
f268790e60500807918be6c97795a000d1343abf7eb5d27843531dbcc6d8a2f8444e8a36477d5c9b2177b732a3e0103fd733ba0547993e7fb9e305e405245e10
Score10/10-
Qakbot/Qbot
Qbot or Qakbot is a sophisticated worm with banking capabilities.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-