General
-
Target
dffe663e1438cb2559c5a767e2d30b01905f19ecad852016286850d36c1e572c
-
Size
1.8MB
-
Sample
220506-xgwhesacc7
-
MD5
1dbff624ef551adb72f39a7ea0a1f445
-
SHA1
28d7023d0dbeb98d2f76d2bf7190e1720fd576f1
-
SHA256
dffe663e1438cb2559c5a767e2d30b01905f19ecad852016286850d36c1e572c
-
SHA512
ce27dc4133bd217fc6248d3de4cc063e2ec83931fba48add809c1197983a688bb993a79c832c549e7c97065b20f9c6ccbdccce9bb2535b83a202c9c65fb46646
Malware Config
Extracted
qakbot
324.70
spx85
1585321881
201.152.111.104:995
181.197.195.138:995
96.35.170.82:2222
50.244.112.10:443
174.126.230.25:443
74.33.70.220:443
72.80.137.215:443
86.121.120.255:443
108.190.151.108:2222
70.166.158.118:443
24.229.245.124:995
71.187.170.235:443
49.191.6.183:995
71.80.45.253:443
46.214.62.199:443
76.107.242.174:443
79.116.229.1:995
31.5.172.53:443
71.172.110.236:443
94.98.82.131:443
Targets
-
-
Target
dffe663e1438cb2559c5a767e2d30b01905f19ecad852016286850d36c1e572c
-
Size
1.8MB
-
MD5
1dbff624ef551adb72f39a7ea0a1f445
-
SHA1
28d7023d0dbeb98d2f76d2bf7190e1720fd576f1
-
SHA256
dffe663e1438cb2559c5a767e2d30b01905f19ecad852016286850d36c1e572c
-
SHA512
ce27dc4133bd217fc6248d3de4cc063e2ec83931fba48add809c1197983a688bb993a79c832c549e7c97065b20f9c6ccbdccce9bb2535b83a202c9c65fb46646
Score10/10-
Qakbot/Qbot
Qbot or Qakbot is a sophisticated worm with banking capabilities.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-