General
-
Target
9d11c4cc1c69a7673bca3e0f74b9b1846900a5a7cfa39b66e96bf16e452a26e9
-
Size
2.2MB
-
Sample
220205-phjagsbca7
-
MD5
bdd35046904eddd00f03acd7e921fbd1
-
SHA1
8fce752a88b6cb93fe6463ed0d0823bbd568fa29
-
SHA256
9d11c4cc1c69a7673bca3e0f74b9b1846900a5a7cfa39b66e96bf16e452a26e9
-
SHA512
03df82f5287de7d9e6a94dc6d83f68f1f83c1236774fbe57e85d0066bddf6145e5041d8ca1aa516d158410844188b9194756be187af37a7d8ae0c0524a69e273
Malware Config
Extracted
qakbot
324.127
spx95
1586782660
47.153.115.154:443
108.27.217.44:443
71.77.252.14:2222
64.19.74.29:995
186.135.93.204:443
96.236.225.10:443
24.37.178.158:443
68.59.27.48:443
76.170.77.99:443
206.183.190.53:995
47.136.224.60:443
68.174.15.223:443
108.188.46.240:995
72.29.181.77:2078
50.29.181.193:995
69.92.54.95:995
47.180.66.10:443
86.125.138.141:995
184.180.157.203:2222
78.96.148.177:443
Targets
-
-
Target
9d11c4cc1c69a7673bca3e0f74b9b1846900a5a7cfa39b66e96bf16e452a26e9
-
Size
2.2MB
-
MD5
bdd35046904eddd00f03acd7e921fbd1
-
SHA1
8fce752a88b6cb93fe6463ed0d0823bbd568fa29
-
SHA256
9d11c4cc1c69a7673bca3e0f74b9b1846900a5a7cfa39b66e96bf16e452a26e9
-
SHA512
03df82f5287de7d9e6a94dc6d83f68f1f83c1236774fbe57e85d0066bddf6145e5041d8ca1aa516d158410844188b9194756be187af37a7d8ae0c0524a69e273
Score10/10-
Qakbot/Qbot
Qbot or Qakbot is a sophisticated worm with banking capabilities.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-