General
-
Target
c67eb13bf6222d0f7dee5250bcfc7175178d4977afd21baf3f61d64c35e79fe3
-
Size
216KB
-
Sample
220214-sj2p1abaer
-
MD5
e7fe8d6976cad7165d5ab79c12b28b4e
-
SHA1
0bd76ef651c878ea4050a1ad8873da78510a4c00
-
SHA256
c67eb13bf6222d0f7dee5250bcfc7175178d4977afd21baf3f61d64c35e79fe3
-
SHA512
2135fa63b7bd2795ac3b3a9d3a02463af7e2c472e8175d2d48c79d2dd7835e63d71c7644c6f42669c9aa529d7b1706a81dd84ceac58ad2d756911023675d8fc9
Malware Config
Extracted
qakbot
324.142
spx133
1591267427
49.144.84.21:443
189.159.133.162:995
173.245.152.231:443
77.237.181.212:995
207.255.161.8:2078
76.187.8.160:443
207.255.161.8:2087
98.219.77.197:443
66.222.88.126:995
207.255.161.8:32102
108.58.9.238:995
47.152.210.233:443
1.40.42.4:443
188.27.71.163:443
82.127.193.151:2222
104.50.141.139:995
67.83.54.76:2222
86.126.97.183:2222
73.94.229.115:443
47.35.182.97:443
Targets
-
-
Target
c67eb13bf6222d0f7dee5250bcfc7175178d4977afd21baf3f61d64c35e79fe3
-
Size
216KB
-
MD5
e7fe8d6976cad7165d5ab79c12b28b4e
-
SHA1
0bd76ef651c878ea4050a1ad8873da78510a4c00
-
SHA256
c67eb13bf6222d0f7dee5250bcfc7175178d4977afd21baf3f61d64c35e79fe3
-
SHA512
2135fa63b7bd2795ac3b3a9d3a02463af7e2c472e8175d2d48c79d2dd7835e63d71c7644c6f42669c9aa529d7b1706a81dd84ceac58ad2d756911023675d8fc9
Score10/10-
Qakbot/Qbot
Qbot or Qakbot is a sophisticated worm with banking capabilities.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-