General
-
Target
f05334fea2fbec8b2135752dc8f895f0290377d937cae28a10adc3eebe71cf0f
-
Size
520KB
-
Sample
220724-rws3ysfghq
-
MD5
534394261be4f63a4b59501be880ee5d
-
SHA1
2909b52711253adf9e475a0f4ba487402f634298
-
SHA256
f05334fea2fbec8b2135752dc8f895f0290377d937cae28a10adc3eebe71cf0f
-
SHA512
75b86c62eae4b76ec42c749805a9c27e10c78ff8332509b81688c34b5e1fa1fcb9174121415398595eb7aa60d8d9aab361dbd43f978c807dc433f485bd20b57b
Malware Config
Extracted
qakbot
322.742
hhh23
1554720361
Protocol: ftp- Host:
192.185.5.208 - Port:
21 - Username:
[email protected] - Password:
NxdkxAp4dUsY
Protocol: ftp- Host:
162.241.218.118 - Port:
21 - Username:
[email protected] - Password:
EcOV0DyGVgVN
Protocol: ftp- Host:
69.89.31.139 - Port:
21 - Username:
[email protected] - Password:
fcR7OvyLrMW6!
Protocol: ftp- Host:
169.207.67.14 - Port:
21 - Username:
[email protected] - Password:
eQyicNLzzqPN
184.186.76.228:80
65.153.32.170:443
65.116.179.83:443
100.16.222.65:443
148.240.66.99:6881
172.78.85.124:443
71.210.140.93:995
72.29.181.77:2078
162.237.221.101:443
70.105.162.74:995
192.198.85.26:443
24.73.69.42:443
190.120.196.18:995
67.202.178.142:443
208.69.72.135:2222
69.159.223.202:443
174.48.72.160:443
75.183.171.155:3389
81.103.144.77:443
76.27.113.181:995
Targets
-
-
Target
f05334fea2fbec8b2135752dc8f895f0290377d937cae28a10adc3eebe71cf0f
-
Size
520KB
-
MD5
534394261be4f63a4b59501be880ee5d
-
SHA1
2909b52711253adf9e475a0f4ba487402f634298
-
SHA256
f05334fea2fbec8b2135752dc8f895f0290377d937cae28a10adc3eebe71cf0f
-
SHA512
75b86c62eae4b76ec42c749805a9c27e10c78ff8332509b81688c34b5e1fa1fcb9174121415398595eb7aa60d8d9aab361dbd43f978c807dc433f485bd20b57b
Score10/10-
Qakbot/Qbot
Qbot or Qakbot is a sophisticated worm with banking capabilities.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-