General
-
Target
c96586228f5074a9bff189f1142062b6421f43f679ad04ccf5274be43b1e8199
-
Size
1.9MB
-
Sample
220205-l7tkzaace8
-
MD5
ed813fe5771e853926c8705edc5f1402
-
SHA1
ed5b8299f5bb85ec341d097ad4516e3b1cf521eb
-
SHA256
c96586228f5074a9bff189f1142062b6421f43f679ad04ccf5274be43b1e8199
-
SHA512
505e9006266c8d89f123cf44800e7debe83d25710265fe8dc1468ab9921fd5885191e57d2f2e650fd64f82340c60699523eed2eb4a232aa253a60922628aff54
Malware Config
Extracted
qakbot
324.127
spx103
1587642800
65.116.179.83:443
108.30.125.94:443
212.126.109.14:443
47.153.115.154:443
197.210.96.222:995
71.77.252.14:2222
24.202.42.48:2222
108.27.217.44:443
208.93.202.49:443
70.183.127.6:995
64.19.74.29:995
68.225.250.136:443
75.137.60.81:443
173.70.165.101:995
73.37.1.116:443
98.32.60.217:443
73.111.224.222:443
89.137.162.193:443
188.210.231.17:443
24.250.199.137:995
Targets
-
-
Target
c96586228f5074a9bff189f1142062b6421f43f679ad04ccf5274be43b1e8199
-
Size
1.9MB
-
MD5
ed813fe5771e853926c8705edc5f1402
-
SHA1
ed5b8299f5bb85ec341d097ad4516e3b1cf521eb
-
SHA256
c96586228f5074a9bff189f1142062b6421f43f679ad04ccf5274be43b1e8199
-
SHA512
505e9006266c8d89f123cf44800e7debe83d25710265fe8dc1468ab9921fd5885191e57d2f2e650fd64f82340c60699523eed2eb4a232aa253a60922628aff54
Score10/10-
Qakbot/Qbot
Qbot or Qakbot is a sophisticated worm with banking capabilities.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-