General
-
Target
8d46e2e8a6a55f0dc7a31d3c93d8d4087b83c228ced43347195a406a6c961898
-
Size
2.1MB
-
Sample
220205-qal7vabhap
-
MD5
d968b4e071f8c4fc67f4b281280774f0
-
SHA1
4ad4ed0bda3d9d3d6c82ea486e41cc8a8142a02e
-
SHA256
8d46e2e8a6a55f0dc7a31d3c93d8d4087b83c228ced43347195a406a6c961898
-
SHA512
bf74927e107156553c6f3dfd082086fe383cb02d8ce6c645712af6b8cd66d014601d4b6a44e53f78346c955b23001e743b5ea64c08cb45ae606b88e2a59f223d
Malware Config
Extracted
qakbot
324.75
spx90
1586180537
79.113.218.134:443
71.77.231.251:443
89.43.136.239:443
72.36.59.46:2222
76.30.66.244:443
73.163.242.114:443
173.216.174.39:443
70.95.94.91:2078
208.126.142.17:443
216.152.7.12:443
172.87.134.226:443
71.58.21.235:443
173.62.161.126:443
184.21.151.81:995
208.93.202.49:443
206.183.190.53:995
69.123.179.70:443
63.155.135.211:995
72.209.191.27:443
73.184.218.146:443
Targets
-
-
Target
8d46e2e8a6a55f0dc7a31d3c93d8d4087b83c228ced43347195a406a6c961898
-
Size
2.1MB
-
MD5
d968b4e071f8c4fc67f4b281280774f0
-
SHA1
4ad4ed0bda3d9d3d6c82ea486e41cc8a8142a02e
-
SHA256
8d46e2e8a6a55f0dc7a31d3c93d8d4087b83c228ced43347195a406a6c961898
-
SHA512
bf74927e107156553c6f3dfd082086fe383cb02d8ce6c645712af6b8cd66d014601d4b6a44e53f78346c955b23001e743b5ea64c08cb45ae606b88e2a59f223d
Score10/10-
Qakbot/Qbot
Qbot or Qakbot is a sophisticated worm with banking capabilities.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-