General
-
Target
abe530cd4c01bf2e22799547987e92d788024887c24ad71c8e6ce78146a1da13
-
Size
87KB
-
Sample
220214-sp5zlsbbbj
-
MD5
679ea37a80e72d2071261017b874b799
-
SHA1
45812f582f1eeab7c05f0d0a056acab039115ee5
-
SHA256
abe530cd4c01bf2e22799547987e92d788024887c24ad71c8e6ce78146a1da13
-
SHA512
a2cd81f439778b87af25333779da15162f739122cf035f8a42a55574ce51d4364b20b366556b4033bd1485abdbf0c513a357797fb186f24f61e240d1e4c3e20a
Malware Config
Extracted
qakbot
402.1
clinton04
1618322109
75.137.47.174:443
140.82.49.12:443
151.205.102.42:443
24.226.156.153:443
24.43.22.221:993
216.201.162.158:443
76.25.142.196:443
149.28.99.97:995
149.28.101.90:2222
207.246.116.237:8443
149.28.99.97:443
45.63.107.192:2222
45.32.211.207:2222
149.28.101.90:443
45.77.117.108:995
207.246.77.75:443
207.246.77.75:8443
149.28.98.196:2222
45.32.211.207:995
45.32.211.207:443
-
salt
jHxastDcds)oMc=jvh7wdUhxcsdt2
Targets
-
-
Target
abe530cd4c01bf2e22799547987e92d788024887c24ad71c8e6ce78146a1da13
-
Size
87KB
-
MD5
679ea37a80e72d2071261017b874b799
-
SHA1
45812f582f1eeab7c05f0d0a056acab039115ee5
-
SHA256
abe530cd4c01bf2e22799547987e92d788024887c24ad71c8e6ce78146a1da13
-
SHA512
a2cd81f439778b87af25333779da15162f739122cf035f8a42a55574ce51d4364b20b366556b4033bd1485abdbf0c513a357797fb186f24f61e240d1e4c3e20a
Score10/10-
Qakbot/Qbot
Qbot or Qakbot is a sophisticated worm with banking capabilities.
-
Suspicious use of NtCreateProcessExOtherParentProcess
-