General
-
Target
111fb452bdc34c120d2cce1ee80099ad96fdd8fccf8fe5a0e1185d372efb9363
-
Size
1.0MB
-
Sample
220509-e8k7nacda4
-
MD5
a1d2a5d76015aaa3bc2e61411141f18c
-
SHA1
f511a2cea217419011879ecb42a2c5625d93c39a
-
SHA256
1803f9390c070076b7c4eb751ab74160cbe5eacaeb2f69f4a0b0ba765bc5c110
-
SHA512
4b528053c82358ba900b8bd800132e3c57a275b5c8c21268cb86b2ca079974e6f2c3e7758bfa286d4d8c2844e6a770378b59998c8342c587fd59575486e8985c
Malware Config
Extracted
http://103.155.93.53/694416531.dat
http://87.236.146.69/694416531.dat
http://94.140.114.172/694416531.dat
Extracted
qakbot
403.573
obama180
1650959141
2.50.4.57:443
85.246.82.244:443
121.7.223.59:2222
197.161.137.67:993
38.70.253.226:2222
47.23.89.62:993
172.114.160.81:443
75.99.168.194:443
82.152.39.39:443
108.60.213.141:443
148.64.96.100:443
167.86.191.84:443
187.207.47.198:61202
103.107.113.120:443
203.122.46.130:443
106.51.48.170:50001
47.23.89.62:995
140.82.49.12:443
102.65.38.74:443
103.246.242.202:443
-
salt
jHxastDcds)oMc=jvh7wdUhxcsdt2
Extracted
http://103.155.93.53/75369921.dat
http://87.236.146.69/75369921.dat
http://94.140.114.172/75369921.dat
Targets
-
-
Target
ApplicationReject-706073812.xlsb
-
Size
1.1MB
-
MD5
82eefe190e22d87e535c9dc375fe039e
-
SHA1
6b2e5804508f58cfcfa76eca249e11f025490d77
-
SHA256
9b14898f42362545794c7400c889d19cc6df0bc8536414b5a13772185d1d2be3
-
SHA512
14d0f9ef03435ddca7be4c23b0d83c3d61ab81cb7860a925af3d2c0aa9701cb29c06f1ff71bc0e8b8ef49667504af5d743fd24770106d3c6f4cb2f1dc12522a1
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Qakbot/Qbot
Qbot or Qakbot is a sophisticated worm with banking capabilities.
-
Downloads MZ/PE file
-
Loads dropped DLL
-