General
-
Target
Claim_Letter#340840(13Sep2022).html
-
Size
532KB
-
Sample
220916-nc8grabcfj
-
MD5
1f834c0ef4f1ad023bf8274519b63310
-
SHA1
4e18f9308eea49be2361a3e260b005502efd7e1a
-
SHA256
750dc3b930616e3132b5b83fc4136b196299569652e3e6674186697a5a6ca8f1
-
SHA512
c01087b31f81b7280077152bf9d4b8ac58b2ada9777089a50fdb707b6ac96e56ad1043f3267de7a5c8bbd1e33df9336ab4eb2037c0a7dda0de6f1a332437ba51
-
SSDEEP
6144:bmG04xlIE4w2SJrjY82oULCyIK9lVLMf/3vVelb3qj309t0G42m3J1Ub5bO3+Hd/:zeVL68ukJ1+JKbY3+HNmTq
Malware Config
Extracted
qakbot
403.858
obama202
1663062752
99.232.140.205:2222
41.69.118.117:995
179.111.111.88:32101
37.210.148.30:995
47.146.182.110:443
191.97.234.238:995
64.207.215.69:443
88.233.194.154:2222
81.131.161.131:2078
86.98.156.176:993
200.161.62.126:32101
88.244.84.195:443
78.100.254.17:2222
85.114.99.34:443
113.170.216.154:443
194.49.79.231:443
193.3.19.37:443
84.38.133.191:443
175.110.231.67:443
191.84.204.214:995
-
salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP
Targets
-
-
Target
Claim_Letter#340840(13Sep2022).html
-
Size
532KB
-
MD5
1f834c0ef4f1ad023bf8274519b63310
-
SHA1
4e18f9308eea49be2361a3e260b005502efd7e1a
-
SHA256
750dc3b930616e3132b5b83fc4136b196299569652e3e6674186697a5a6ca8f1
-
SHA512
c01087b31f81b7280077152bf9d4b8ac58b2ada9777089a50fdb707b6ac96e56ad1043f3267de7a5c8bbd1e33df9336ab4eb2037c0a7dda0de6f1a332437ba51
-
SSDEEP
6144:bmG04xlIE4w2SJrjY82oULCyIK9lVLMf/3vVelb3qj309t0G42m3J1Ub5bO3+Hd/:zeVL68ukJ1+JKbY3+HNmTq
Score10/10-
Qakbot/Qbot
Qbot or Qakbot is a sophisticated worm with banking capabilities.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-