General
-
Target
9636eb392c2533eaac075a278c7bf8c1d338ea71d4d0d8634578efca4b34a650
-
Size
766KB
-
Sample
220625-jchtwadeb4
-
MD5
3fbe9a0f0509e72a04c208310766ef8a
-
SHA1
58abe38f83c098ac0386a0c84f6d7dd342164192
-
SHA256
9636eb392c2533eaac075a278c7bf8c1d338ea71d4d0d8634578efca4b34a650
-
SHA512
6896a47bd9377d9d5a5100bf04cefa780138571dc0a978ba66b316eddb0c6ad4c402c5918ff59678d8091043f2c36cb452468510944bac040e5b1196052f5504
Malware Config
Extracted
qakbot
324.8
spx78
1583425048
99.195.148.141:443
72.36.59.46:2222
96.243.35.201:443
108.54.103.234:443
71.80.227.238:443
45.45.105.94:443
24.32.119.146:443
50.29.181.193:995
179.36.20.224:443
75.81.25.223:995
75.110.250.89:443
108.190.148.31:2222
207.144.193.210:443
104.34.122.18:443
70.95.94.91:2078
172.78.87.180:443
98.213.28.175:443
142.255.99.254:443
23.24.115.181:443
206.169.163.147:995
Targets
-
-
Target
9636eb392c2533eaac075a278c7bf8c1d338ea71d4d0d8634578efca4b34a650
-
Size
766KB
-
MD5
3fbe9a0f0509e72a04c208310766ef8a
-
SHA1
58abe38f83c098ac0386a0c84f6d7dd342164192
-
SHA256
9636eb392c2533eaac075a278c7bf8c1d338ea71d4d0d8634578efca4b34a650
-
SHA512
6896a47bd9377d9d5a5100bf04cefa780138571dc0a978ba66b316eddb0c6ad4c402c5918ff59678d8091043f2c36cb452468510944bac040e5b1196052f5504
Score10/10-
Qakbot/Qbot
Qbot or Qakbot is a sophisticated worm with banking capabilities.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-