General
-
Target
10d47223997a57c61309ef019dd7e7f7279b6ae2c1cf6633c53113fe3034d1de
-
Size
2.1MB
-
Sample
220205-xz48aaegep
-
MD5
0a9c1233092c30e2f0aa8e6b1d3873d9
-
SHA1
6a666f68ef1e059871cce88299476e2175b09217
-
SHA256
10d47223997a57c61309ef019dd7e7f7279b6ae2c1cf6633c53113fe3034d1de
-
SHA512
e37b3556b5bac7bd4ad4cfbde79eef134bc3fa096929534d322feb627dc5c51938e6cf60a2f9a5b54d7302201eeb2872fc3508837c7e33b6e756831ae7b2c7ba
Malware Config
Extracted
qakbot
324.75
spx91
1586289193
173.173.1.164:443
70.62.160.186:6883
68.41.60.225:443
100.40.48.96:443
73.192.209.168:443
93.114.89.119:995
64.19.74.29:995
73.60.148.209:443
66.26.160.37:443
97.96.51.117:443
5.13.221.230:443
68.174.9.179:443
73.137.187.150:443
24.37.178.158:443
47.136.224.60:443
68.39.177.147:995
176.223.46.147:443
72.29.181.77:2078
68.174.15.223:443
50.29.181.193:995
Targets
-
-
Target
10d47223997a57c61309ef019dd7e7f7279b6ae2c1cf6633c53113fe3034d1de
-
Size
2.1MB
-
MD5
0a9c1233092c30e2f0aa8e6b1d3873d9
-
SHA1
6a666f68ef1e059871cce88299476e2175b09217
-
SHA256
10d47223997a57c61309ef019dd7e7f7279b6ae2c1cf6633c53113fe3034d1de
-
SHA512
e37b3556b5bac7bd4ad4cfbde79eef134bc3fa096929534d322feb627dc5c51938e6cf60a2f9a5b54d7302201eeb2872fc3508837c7e33b6e756831ae7b2c7ba
Score10/10-
Qakbot/Qbot
Qbot or Qakbot is a sophisticated worm with banking capabilities.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-