General
-
Target
pack2.zip
-
Size
466KB
-
Sample
220609-tmlnmahggl
-
MD5
1809d3801390855e3c34ba1f4a5dc522
-
SHA1
5076d5bd8eea5e549a90f5748bbde9b7947ddad0
-
SHA256
f2956da25bd8b3682d6945aed72f24d8bd3198bc5eba2a4232f9cb76e254829d
-
SHA512
be4b9e0311f312d7b762379f18d249e7d7817cde773fb7a6bebe4e3a4954c7e8715bdcc046ed11aa9883f18cd6e6a93f857b000815d32d565c5914dadea469d6
Malware Config
Extracted
qakbot
403.688
obama187
1654695312
197.164.182.46:993
70.51.135.90:2222
187.251.132.144:22
37.186.54.254:995
80.11.74.81:2222
41.84.236.245:995
24.139.72.117:443
177.94.57.126:32101
37.34.253.233:443
186.90.153.162:2222
32.221.224.140:995
208.107.221.224:443
67.165.206.193:993
63.143.92.99:995
88.232.220.207:443
189.78.107.163:32101
74.14.5.179:2222
148.0.56.63:443
40.134.246.185:995
173.21.10.71:2222
-
salt
jHxastDcds)oMc=jvh7wdUhxcsdt2
Targets
-
-
Target
ScannedDocuments_8080655.lnk
-
Size
1KB
-
MD5
a43c525371ce9f2fcccba240a1fc5a33
-
SHA1
9ec61778e8605c7bd304f84f0867ada794a2d9f0
-
SHA256
89532ec32e52234cef6c82443cc08d3b9461d0a87d1cde778d8b5dfe34c54022
-
SHA512
c405eae2c58cbca8005a4396b8572dcc7c82ba08a91b3cb83f9892b44204dfea44a8214804ed9addff6de6c21cf70888a8afc7c98cdca35681970d387780aad4
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
-
-
Target
local.dll
-
Size
843KB
-
MD5
c8407e27ce9bf51688106a1fbe3643af
-
SHA1
1aa5cd097a19e7134f4a1566f77d089a718dfa6e
-
SHA256
4ba3ad5f455f832e3190e4f64569f91d8b0ade3181e7b17249fbfeb523352be3
-
SHA512
1167d1b0830b31825c3b91edc78e27783729cbdd3c0f240e935e76ffbb3d6cc364317aa8a50f6b7980012ee2cee1c19584d588fdfda3645fee9bbd44d7592d39
Score10/10-
Qakbot/Qbot
Qbot or Qakbot is a sophisticated worm with banking capabilities.
-
Loads dropped DLL
-