General
-
Target
PDF_3028225.msi
-
Size
484KB
-
Sample
220715-sh9dfsbfb7
-
MD5
47847ac5f01e037c1a18becc0dfd4611
-
SHA1
d6f37b18252787c2c2c31358e741d9b834440331
-
SHA256
7d1c0c7e4cbfe49926451ab6365455e5f3889fb17e2508afa9f6e2ebeedaa2c1
-
SHA512
7630b223cddfc31ef7afee9972ab4a5100b048d35f526211e331f4717260e2c29b0962ad35271701b00c5c379f7798004f5140abe8dbc88ddf083d8b2ee78004
Malware Config
Extracted
qakbot
403.780
vip01
1657631718
47.23.89.60:993
37.34.253.233:443
196.203.37.215:80
89.211.209.234:2222
81.158.239.251:2078
179.111.8.52:32101
208.107.221.224:443
24.158.23.166:995
66.230.104.103:443
92.132.132.81:2222
24.139.72.117:443
174.80.15.101:2083
24.178.196.158:2222
100.38.242.113:995
37.186.58.99:995
24.55.67.176:443
74.14.5.179:2222
172.114.160.81:443
40.134.246.185:995
63.143.92.99:995
-
salt
jHxastDcds)oMc=jvh7wdUhxcsdt2
Targets
-
-
Target
PDF_3028225.msi
-
Size
484KB
-
MD5
47847ac5f01e037c1a18becc0dfd4611
-
SHA1
d6f37b18252787c2c2c31358e741d9b834440331
-
SHA256
7d1c0c7e4cbfe49926451ab6365455e5f3889fb17e2508afa9f6e2ebeedaa2c1
-
SHA512
7630b223cddfc31ef7afee9972ab4a5100b048d35f526211e331f4717260e2c29b0962ad35271701b00c5c379f7798004f5140abe8dbc88ddf083d8b2ee78004
Score10/10-
Qakbot/Qbot
Qbot or Qakbot is a sophisticated worm with banking capabilities.
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-