General
-
Target
6f00837f83703021bc4f718a4df8a7fbdadf5fff50728dc09c050efa5259db89.7z
-
Size
195KB
-
Sample
220802-q4c62afec2
-
MD5
cc36d321908e38126103fa283937f096
-
SHA1
67e0be4c565248ec3faa9d5c5e6da1f3a11e5a0b
-
SHA256
a2e1723e4ec79d3abb33f33c7056f03925ef322925e3949bb1590da40ee34658
-
SHA512
9c2f764c9bcdbdc6d73c434654b27fc2e1f8ddcb0097ee8ffd588c933a5d9381af667e74716ddb6983d61b061769d3022cfcb6b881d3c44a969966144b3815d2
Malware Config
Extracted
qakbot
325.43
tr01
1602688146
73.228.1.246:443
74.109.219.145:443
76.111.128.194:443
90.175.88.99:2222
108.191.28.158:443
68.225.60.77:443
75.136.40.155:443
5.193.181.221:2078
72.204.242.138:20
118.160.162.234:443
68.14.210.246:22
148.101.74.12:443
74.222.204.82:443
96.30.198.161:443
140.82.27.132:443
2.50.131.64:443
45.32.155.12:995
45.63.104.123:443
45.32.165.134:443
217.162.149.212:443
Targets
-
-
Target
6f00837f83703021bc4f718a4df8a7fbdadf5fff50728dc09c050efa5259db89
-
Size
269KB
-
MD5
8115d57df948ab1d5677617f7f2ea410
-
SHA1
2dbb41efd835377846aa126ddc237a1855b92df1
-
SHA256
6f00837f83703021bc4f718a4df8a7fbdadf5fff50728dc09c050efa5259db89
-
SHA512
9b190f53f2d1b9aa9695bc8da581e7cf2c4e1e1cf8afee6eca8304b116709edb932bf571e4fb095dc83d857bcd4d74ee749739eee08924c7bd73c6a5034486a3
Score10/10-
Qakbot/Qbot
Qbot or Qakbot is a sophisticated worm with banking capabilities.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-