General
-
Target
7685346167.zip
-
Size
512KB
-
Sample
220714-sbsgcshafr
-
MD5
494c5ff1a8954c9b754d5197acc144a1
-
SHA1
2685d738b03ff684003daaf515539dd76f3e61c6
-
SHA256
741ad4a402ca98e0c777ad3cfffa55cfbd75d7af2f23f9dad63d0ed236eeba44
-
SHA512
1eee71eae821dcc183188569f42eac1986d131a2cd0deb37339da3cfb0a9a29f2e145383c1ae75f5107de5de0f58aa1e4e400a577a766bf3300acbfda309c09e
Malware Config
Extracted
qakbot
403.780
obama199
1657265474
121.7.223.45:2222
67.209.195.198:443
148.64.96.100:443
92.132.132.81:2222
217.128.122.65:2222
47.180.172.159:443
173.174.216.62:443
70.46.220.114:443
32.221.224.140:995
69.14.172.24:443
117.248.109.38:21
94.59.15.180:2222
38.70.253.226:2222
217.165.157.202:995
41.228.22.180:443
67.165.206.193:993
172.115.177.204:2222
186.90.153.162:2222
47.23.89.60:993
120.150.218.241:995
-
salt
jHxastDcds)oMc=jvh7wdUhxcsdt2
Targets
-
-
Target
2a00d95b47cb04f233ce7351b842234410ec89c455f7515e8234b4d350b99406
-
Size
839KB
-
MD5
6742059d39462d81438ef4d97af53d43
-
SHA1
f6441fe1691cc77b400fadf210db421ada166b18
-
SHA256
2a00d95b47cb04f233ce7351b842234410ec89c455f7515e8234b4d350b99406
-
SHA512
ba92c3fbcb62c15008f146fde736fea857da02d776b13b8992ab8cbfce62d1ab1046e0cb0b1373d5092a4f9040853268df8bfda5e6faa14c970ce2e2a1a43ba5
Score10/10-
Qakbot/Qbot
Qbot or Qakbot is a sophisticated worm with banking capabilities.
-
Loads dropped DLL
-
Drops file in System32 directory
-