General
-
Target
8382b54054b9d6d2411bb1593023b3a967d66bede6124e2c6089b62f7e48dd39
-
Size
87KB
-
Sample
220214-s2555shga7
-
MD5
59f608cb5c81c770b26eab89054fe41f
-
SHA1
4b5c407a8cd9291c834fdc12b6052d54268f139b
-
SHA256
8382b54054b9d6d2411bb1593023b3a967d66bede6124e2c6089b62f7e48dd39
-
SHA512
93ecc529f6104f025a589f3e47a74d95d2b11f1177d8725408ae1dfd8ee49f1175a0eef2802b5373c04fd9bb087a87329565397d49e0bc63d2b447a77b37c0aa
Malware Config
Extracted
qakbot
402.1
clinton04
1618322109
75.137.47.174:443
140.82.49.12:443
151.205.102.42:443
24.226.156.153:443
24.43.22.221:993
216.201.162.158:443
76.25.142.196:443
149.28.99.97:995
149.28.101.90:2222
207.246.116.237:8443
149.28.99.97:443
45.63.107.192:2222
45.32.211.207:2222
149.28.101.90:443
45.77.117.108:995
207.246.77.75:443
207.246.77.75:8443
149.28.98.196:2222
45.32.211.207:995
45.32.211.207:443
-
salt
jHxastDcds)oMc=jvh7wdUhxcsdt2
Targets
-
-
Target
8382b54054b9d6d2411bb1593023b3a967d66bede6124e2c6089b62f7e48dd39
-
Size
87KB
-
MD5
59f608cb5c81c770b26eab89054fe41f
-
SHA1
4b5c407a8cd9291c834fdc12b6052d54268f139b
-
SHA256
8382b54054b9d6d2411bb1593023b3a967d66bede6124e2c6089b62f7e48dd39
-
SHA512
93ecc529f6104f025a589f3e47a74d95d2b11f1177d8725408ae1dfd8ee49f1175a0eef2802b5373c04fd9bb087a87329565397d49e0bc63d2b447a77b37c0aa
Score10/10-
Qakbot/Qbot
Qbot or Qakbot is a sophisticated worm with banking capabilities.
-
Suspicious use of NtCreateProcessExOtherParentProcess
-