General
-
Target
5701246587142144.zip
-
Size
7.2MB
-
Sample
220314-nfghfagddl
-
MD5
e1ec71ecb5d99295a40281144b04aa5f
-
SHA1
40a2ec5306e14d65f38b4653a01583a8f4a8297d
-
SHA256
863c95381f044af0f3c8a012cb8de00f0ef51e078602a880e1945e76fc869c4a
-
SHA512
9208287681d1d26ea974e19f17a016d9474224127d20692ccf97570a6be79e932f14f91f17f9b573caa4a9cc8f2828da4c9a9198a741eec4398fcb1345cc1298
Malware Config
Extracted
qakbot
401.62
abc108m
1607356318
92.59.35.196:2083
2.89.122.180:995
78.181.19.134:443
5.193.175.76:2078
24.139.72.117:443
62.38.114.12:2222
2.51.240.250:995
174.62.13.151:443
189.210.115.207:443
71.197.126.250:443
187.7.236.197:995
187.149.126.53:443
96.247.180.108:443
174.55.197.4:443
187.190.250.175:443
24.206.4.203:2222
72.36.11.22:443
197.135.240.243:443
216.137.142.200:2222
160.3.184.253:443
-
salt
jHxastDcds)oMc=jvh7wdUhxcsdt2
Extracted
qakbot
401.138
abc119
1611224824
106.51.52.111:443
83.110.12.140:2222
89.3.198.238:443
86.220.60.133:2222
45.77.115.208:8443
45.77.115.208:995
71.117.132.169:443
82.76.47.211:443
125.63.101.62:443
86.98.93.124:2078
178.152.70.12:995
78.97.207.104:443
77.27.174.49:995
173.70.165.101:995
64.121.114.87:443
188.24.128.253:443
89.137.211.239:995
80.227.5.70:443
81.97.154.100:443
98.121.187.78:443
-
salt
jHxastDcds)oMc=jvh7wdUhxcsdt2
Extracted
qakbot
403.10
obama147
1639647898
136.143.11.232:443
120.150.218.241:995
218.101.110.3:995
93.48.58.123:2222
190.73.3.148:2222
186.64.87.213:443
65.100.174.110:443
24.95.61.62:443
41.228.22.180:443
86.97.9.219:443
103.142.10.177:443
140.82.49.12:443
24.152.219.253:995
117.248.109.38:21
136.232.34.70:443
93.48.80.198:995
173.21.10.71:2222
78.180.163.25:995
194.36.28.26:443
45.9.20.200:2211
-
salt
jHxastDcds)oMc=jvh7wdUhxcsdt2
Extracted
qakbot
402.68
obama59
1623694216
71.41.184.10:3389
47.22.148.6:443
96.253.46.210:443
188.26.180.140:443
75.118.1.141:443
90.65.234.26:2222
83.110.109.155:2222
76.25.142.196:443
45.46.53.140:2222
105.198.236.101:443
151.205.102.42:443
216.201.162.158:443
184.185.103.157:443
189.210.115.207:443
75.137.47.174:443
72.240.200.181:2222
75.67.192.125:443
24.55.112.61:443
72.252.201.69:443
24.179.77.236:443
-
salt
jHxastDcds)oMc=jvh7wdUhxcsdt2
Extracted
qakbot
403.2
tr
1636356456
71.13.93.154:6881
91.178.126.51:995
194.36.28.190:443
86.97.8.204:443
136.232.34.70:443
93.48.80.198:995
45.9.20.200:2211
105.198.236.99:995
71.13.93.154:2222
94.60.254.81:443
120.150.218.241:995
94.200.181.154:443
71.13.93.154:2083
181.118.183.27:443
111.250.19.18:443
207.246.112.221:443
207.246.112.221:995
190.73.3.148:2222
41.37.243.129:443
136.143.11.232:443
-
salt
jHxastDcds)oMc=jvh7wdUhxcsdt2
Extracted
qakbot
403.2
obama140
1638440931
120.150.218.241:995
93.48.80.198:995
78.180.170.159:995
189.252.173.60:32101
117.248.109.38:21
136.232.34.70:443
93.48.58.123:2222
39.49.59.131:995
188.55.203.55:995
105.198.236.99:995
207.246.112.221:995
207.246.112.221:443
216.238.71.31:443
136.143.11.232:443
186.64.67.31:443
2.222.167.138:443
218.101.110.3:995
190.73.3.148:2222
182.176.180.73:443
103.142.10.177:443
-
salt
jHxastDcds)oMc=jvh7wdUhxcsdt2
Extracted
qakbot
402.318
tr
1632152742
45.46.53.140:2222
144.139.47.206:443
189.210.115.207:443
120.150.218.241:995
47.22.148.6:443
140.82.49.12:443
24.139.72.117:443
24.229.150.54:995
24.55.112.61:443
136.232.34.70:443
95.77.223.148:443
173.21.10.71:2222
76.25.142.196:443
96.37.113.36:993
71.74.12.34:443
73.151.236.31:443
67.165.206.193:993
109.12.111.14:443
68.204.7.158:443
105.198.236.99:443
-
salt
jHxastDcds)oMc=jvh7wdUhxcsdt2
Extracted
qakbot
403.2
obama127
1636711808
136.232.34.70:443
181.118.183.31:443
72.252.147.208:465
94.200.181.154:443
71.13.93.154:2083
96.21.251.127:2222
182.176.180.73:443
88.234.20.155:995
41.228.22.180:443
89.137.52.44:443
102.65.38.57:443
94.196.209.83:995
207.246.112.221:995
207.246.112.221:443
39.49.116.108:995
190.73.3.148:2222
63.143.92.99:995
216.238.71.31:443
216.238.71.31:995
216.238.72.121:443
-
salt
jHxastDcds)oMc=jvh7wdUhxcsdt2
Extracted
qakbot
402.343
obama104
1632729661
95.77.223.148:443
47.22.148.6:443
89.101.97.139:443
27.223.92.142:995
120.151.47.189:443
136.232.34.70:443
120.150.218.241:995
185.250.148.74:443
181.118.183.94:443
140.82.49.12:443
67.165.206.193:993
103.148.120.144:443
71.74.12.34:443
76.25.142.196:443
73.151.236.31:443
173.21.10.71:2222
75.188.35.168:443
2.178.88.145:61202
71.80.168.245:443
45.46.53.140:2222
-
salt
jHxastDcds)oMc=jvh7wdUhxcsdt2
Extracted
qakbot
402.318
obama102
1632302707
120.150.218.241:995
47.22.148.6:443
105.198.236.99:443
95.77.223.148:443
140.82.49.12:443
27.223.92.142:995
73.151.236.31:443
136.232.34.70:443
144.139.47.206:443
45.46.53.140:2222
76.25.142.196:443
173.21.10.71:2222
75.188.35.168:443
71.74.12.34:443
96.37.113.36:993
67.165.206.193:993
189.210.115.207:443
72.252.201.69:443
24.139.72.117:443
24.229.150.54:995
-
salt
jHxastDcds)oMc=jvh7wdUhxcsdt2
Extracted
qakbot
402.343
tr
1632730751
95.77.223.148:443
47.22.148.6:443
89.101.97.139:443
27.223.92.142:995
120.151.47.189:443
136.232.34.70:443
120.150.218.241:995
185.250.148.74:443
181.118.183.94:443
140.82.49.12:443
67.165.206.193:993
103.148.120.144:443
71.74.12.34:443
76.25.142.196:443
73.151.236.31:443
173.21.10.71:2222
75.188.35.168:443
2.178.88.145:61202
71.80.168.245:443
45.46.53.140:2222
-
salt
jHxastDcds)oMc=jvh7wdUhxcsdt2
Extracted
qakbot
402.115
obama64
1624560446
140.82.49.12:443
81.214.126.173:2222
75.67.192.125:443
216.201.162.158:443
76.25.142.196:443
68.186.192.69:443
95.77.223.148:443
97.69.160.4:2222
71.41.184.10:3389
184.185.103.157:443
189.210.115.207:443
24.179.77.236:443
73.151.236.31:443
188.26.180.140:443
213.122.113.120:443
75.137.47.174:443
197.45.110.165:995
72.240.200.181:2222
75.188.35.168:443
173.21.10.71:2222
-
salt
jHxastDcds)oMc=jvh7wdUhxcsdt2
Targets
-
-
Target
021865faa3b24771036f065fc7bd26230e5294e471ab21334e85010b1e9196bf
-
Size
469KB
-
MD5
f0bd4b7b006bf160b6fe97a0d6670738
-
SHA1
3ecf978f460879155310d9564ff30d0ff56815de
-
SHA256
021865faa3b24771036f065fc7bd26230e5294e471ab21334e85010b1e9196bf
-
SHA512
2bc7751e6a0af6bc5c706431dc207216ffb12a69367f2590a53d860e3efa30aa417f5c8db4b39712a50e0ce36d48d0013ffa89545a21ba10b0cf94e47d6f6de2
Score10/10-
Qakbot/Qbot
Qbot or Qakbot is a sophisticated worm with banking capabilities.
-
Windows security bypass
-
Loads dropped DLL
-
-
-
Target
26de26ea18887ba25628c2d3e8834c00ce76b8c84d8be770f31b79c83b681cff
-
Size
846KB
-
MD5
c139a52991b5dc2fdba8f8eafc55d440
-
SHA1
ba34d509f8ba7a4f415ce2c9d13191f43cb67f42
-
SHA256
26de26ea18887ba25628c2d3e8834c00ce76b8c84d8be770f31b79c83b681cff
-
SHA512
a987040234a34f4d7fbb404075d168c4f3ae31a3a1d52a611d44791395d25abe2370f4f3f58a895d66fe5fc2f06aac0a5b9b4879f80f38959ee88cd59194da95
Score10/10-
Qakbot/Qbot
Qbot or Qakbot is a sophisticated worm with banking capabilities.
-
-
-
Target
305e8e14bc1552266f47de8bde90c3aaf7f22432424a2be97414a79a7dc77df8
-
Size
505KB
-
MD5
155f67ab62a615b95f7d470d2406f9e7
-
SHA1
1c295a92aba15aeaa17d79f20362ee8ce60f9bfa
-
SHA256
305e8e14bc1552266f47de8bde90c3aaf7f22432424a2be97414a79a7dc77df8
-
SHA512
9d2c9273993a27a4904fac95d2279a1718d5b93c1faaf02ceb8c31df89d57b025cc26baf8749f388a29738e6ea388909fd0ee41d7363c0e94af3802d48937d83
Score10/10-
Qakbot/Qbot
Qbot or Qakbot is a sophisticated worm with banking capabilities.
-
-
-
Target
47ea7ae3c9a8f8bb1b5525fb962f092d08a981d4cfdb41ce0d1d81ebfa35cc94
-
Size
1.1MB
-
MD5
1f72e3c976920f5499ad014026c73683
-
SHA1
6f192ab755b681ea81696653507ae78de03af66f
-
SHA256
47ea7ae3c9a8f8bb1b5525fb962f092d08a981d4cfdb41ce0d1d81ebfa35cc94
-
SHA512
c321a3243ca716cf8fb17cddb9623246482f8f05c5c3c382898e2d441453088d7416e2dc183ded0bc9761d33eed4ad502fde70b7fa226ec2d60dca8818885db6
Score10/10-
Qakbot/Qbot
Qbot or Qakbot is a sophisticated worm with banking capabilities.
-
-
-
Target
51ab9788b91c7fa71567e1d3abb19f6d2542f2a75f0f11a5b2e4c1fd05387d77
-
Size
312KB
-
MD5
3013c608c43d531a635b9ea4ecfe4449
-
SHA1
e8236d0921a17c4b3a8c4f000084737b3219e633
-
SHA256
51ab9788b91c7fa71567e1d3abb19f6d2542f2a75f0f11a5b2e4c1fd05387d77
-
SHA512
4b29795250ff7d15cabbb39e00217bab706fb29e4bdbdf2650e8f955d987ee0515d53f751850aae127a1e8a59fe8d38205950e5a2ab0ab9b6c195817c5ed8377
Score10/10-
Qakbot/Qbot
Qbot or Qakbot is a sophisticated worm with banking capabilities.
-
Loads dropped DLL
-
-
-
Target
587547a79fd6f8c7fb625a43b3d7f6dd24505ab86d404dd5b54d62038d9479fd
-
Size
116KB
-
MD5
6b29917e13d410c32654375ce7879eef
-
SHA1
e1ad14d5e61301d3b0642655d7ca7cdfa5cff6d3
-
SHA256
587547a79fd6f8c7fb625a43b3d7f6dd24505ab86d404dd5b54d62038d9479fd
-
SHA512
67f8e140a9e990960a8570d898e0b9251fcb4e237616d2cd311d1848c8cc1a30c22bb93cda5765e2b36b98651ea3bb0369232935eaf168510aa48e88fa7d5135
Score10/10-
Qakbot/Qbot
Qbot or Qakbot is a sophisticated worm with banking capabilities.
-
Loads dropped DLL
-
-
-
Target
58878537dcf0d621aeffb66a32a40c52fa8588c832d631b988e59673bede9914
-
Size
276KB
-
MD5
92ed637108b0bbfbb8434207447183bc
-
SHA1
1b529f3422024ce6b431435f5d37b88393ff9f02
-
SHA256
58878537dcf0d621aeffb66a32a40c52fa8588c832d631b988e59673bede9914
-
SHA512
25cf828fd0818bbabf06738cc32aabca798d430eabfe659cfa0bf62ac1d9e980af64885d432a3af3fe62838b55187980534a048789a522ce092f84fbde993d1b
Score10/10-
Qakbot/Qbot
Qbot or Qakbot is a sophisticated worm with banking capabilities.
-
Windows security bypass
-
Loads dropped DLL
-
Drops file in System32 directory
-
-
-
Target
6909c2801f5d2d0a61baa68622a31aaecaaa1bdce1911e809e9246ed616cbe37
-
Size
378KB
-
MD5
aaceb347b2357beeda3fcbc5c87e8799
-
SHA1
d4e4a777bf303114408f2df57cfb091c7bd08f8b
-
SHA256
6909c2801f5d2d0a61baa68622a31aaecaaa1bdce1911e809e9246ed616cbe37
-
SHA512
f275a4cff8c9c092c1cae00573fd7d43b17b887b6931d8a30df4dd2d81fc20bb6b5b9274560fa4f6d430ba9e974d8417751c2a65bae56959bacfeaff5640eacb
Score10/10-
Qakbot/Qbot
Qbot or Qakbot is a sophisticated worm with banking capabilities.
-
Windows security bypass
-
Loads dropped DLL
-
-
-
Target
69ac3f3a76d2fdee0f031545587254ab8abc9f48d7d0b1cb54b6caea3d35bb85
-
Size
1.1MB
-
MD5
6dbb15ec6810e0c5a79a462623e5198b
-
SHA1
72f69a2c9754a97bd88879ede867e001bac77a64
-
SHA256
69ac3f3a76d2fdee0f031545587254ab8abc9f48d7d0b1cb54b6caea3d35bb85
-
SHA512
8d82472ae135fe7adebc02fff2a925e33f4a4907e971aca876104536c39285ae88844daa35e1881cfeac4c679bd199ccff0c0d683901f168276a43756d9f47f5
Score10/10-
Qakbot/Qbot
Qbot or Qakbot is a sophisticated worm with banking capabilities.
-
-
-
Target
6ce8fbedc5fd65785ce950cd2c6e670f89c6f3e9cdd41d6abcf86b61eee911f2
-
Size
469KB
-
MD5
1494919946474545be95298955974403
-
SHA1
4eb68f8e0efa346aa8cd1976554a26f787537f41
-
SHA256
6ce8fbedc5fd65785ce950cd2c6e670f89c6f3e9cdd41d6abcf86b61eee911f2
-
SHA512
912cdb166f92a447d61d94420bfad02776ad22babb390da1f4e72cb2a523e8e3ed5b2b6dc063d73ad6dd22d0704f2f9022355698a2fd93734a62ab61de770247
Score10/10-
Qakbot/Qbot
Qbot or Qakbot is a sophisticated worm with banking capabilities.
-
Windows security bypass
-
Loads dropped DLL
-
-
-
Target
7a91436b7a51dfd164632e7da459c4fb35f8edfea1dea8c438ee75e3f2e0400c
-
Size
539KB
-
MD5
e6426f0a69c1565514f49eabe82559dc
-
SHA1
214f6fd9ccbe9702425eb468c4a178da13d97e2b
-
SHA256
7a91436b7a51dfd164632e7da459c4fb35f8edfea1dea8c438ee75e3f2e0400c
-
SHA512
078938d2bfb690f1f5579f592676ca5e5de71b1204b5038c8001bcef1a4548dd97dcdd6f62cc3ff0ae829dff7eefdb7e3a9406a6d0fbdc3178006bf3c3d5638c
Score10/10-
Qakbot/Qbot
Qbot or Qakbot is a sophisticated worm with banking capabilities.
-
Loads dropped DLL
-
-
-
Target
8f5843efe1c817ec78ecc53206b70df0badb70dda8cfdb18fefd2ab9bff0e9d4
-
Size
196KB
-
MD5
f980881cded6a7dd5cef8b13a52c2af6
-
SHA1
8f33fecbe739ef136fca4b4dcbfcc65c2866635a
-
SHA256
8f5843efe1c817ec78ecc53206b70df0badb70dda8cfdb18fefd2ab9bff0e9d4
-
SHA512
369db67d6a117ae80c01edc055b908aaa2088af00484b9c00100f5df8381744e76f20a87f4dac712e5b9c33c6b8ce331e0c8ddd3d224379828e411e0810e1fca
Score10/10-
Qakbot/Qbot
Qbot or Qakbot is a sophisticated worm with banking capabilities.
-
Loads dropped DLL
-
-
-
Target
98d07ae48bad89ce3395dd0a67deafc5a8dd941b151b03cca0dbdfef033bbf0b
-
Size
378KB
-
MD5
7a35246c94d5dd27aff56a7862b1d33e
-
SHA1
24b38e564c4027dbf26ba3bf766335c5be029faf
-
SHA256
98d07ae48bad89ce3395dd0a67deafc5a8dd941b151b03cca0dbdfef033bbf0b
-
SHA512
011e4860daa0f1bc977e6fe1c006c29b93386af5f313170661cd4f5d697b82da906f689050fa37696ee31f8fbfa1bd95339c7f8358bc14b0c63c62f35a46d985
Score10/10-
Qakbot/Qbot
Qbot or Qakbot is a sophisticated worm with banking capabilities.
-
Windows security bypass
-
Loads dropped DLL
-
-
-
Target
9c5c2af628233f118a88fb03f859e0f92f4393c8dd7c8204afe15af161f568c7
-
Size
355KB
-
MD5
ed3b43ef66f58f891cc51cacc79b0b72
-
SHA1
02cfa19d275c96fafad6b3e440b220200b839f99
-
SHA256
9c5c2af628233f118a88fb03f859e0f92f4393c8dd7c8204afe15af161f568c7
-
SHA512
73913ebf9895625de2b4a4e5c4534164f79b708bfc1338aade1d90aae57836bd7ea79e2a32976b138d8d5ab1d877ec5997428461acb588e732ec49ab8235d116
Score10/10-
Qakbot/Qbot
Qbot or Qakbot is a sophisticated worm with banking capabilities.
-
Windows security bypass
-
Loads dropped DLL
-
-
-
Target
9e00cf7d03bf640ddd50390008308926ae82f906ece239e65f628182086e030d
-
Size
378KB
-
MD5
908f17686edf6f7663a40c31e7971225
-
SHA1
4f2c8a970f0a5ab4c7c27b1b23825ffebd344b1c
-
SHA256
9e00cf7d03bf640ddd50390008308926ae82f906ece239e65f628182086e030d
-
SHA512
a154e9b8fc629a18ea08c1019442d383f348ded69c5ba05a6153dce6684ba31ce20cbda880519e615a8102a1ea0049d5e324d2f95ec78531c94f10a3854c46cc
Score10/10-
Qakbot/Qbot
Qbot or Qakbot is a sophisticated worm with banking capabilities.
-
Windows security bypass
-
Loads dropped DLL
-
-
-
Target
9e7db9c87fc4374a2c88cc5f1bdc540205e161423010b2ee826b88b7b3503f2b
-
Size
280KB
-
MD5
3f0a6191433bb71f6c1ee5c6a9f79e20
-
SHA1
de746c17968d9d1ca33b3d3829c93efeeb780a0c
-
SHA256
9e7db9c87fc4374a2c88cc5f1bdc540205e161423010b2ee826b88b7b3503f2b
-
SHA512
9bc7a8b9693b3599c817924888a48ea58ccbf51d897a167db020fde805099434b02ea0ea8c795c74cb9cde501f196c87af7cc7a3eb0798684f627ac485c7fbda
Score10/10-
Qakbot/Qbot
Qbot or Qakbot is a sophisticated worm with banking capabilities.
-
Loads dropped DLL
-