General
-
Target
Calculation#1755(Sep16).zip
-
Size
392KB
-
Sample
220919-knz3zaghe9
-
MD5
7f711b7a8250c040a283b37c85d63851
-
SHA1
b3b2616b0c101b32b8dccede8a91577822f9b085
-
SHA256
ea8f0e1aaf71a765d91494c6435bd35330e35e8912895e0a91afdc4ee9bc789d
-
SHA512
7c0f83a5890effa078e652df0c3bc59c4176671d6819f8f3669b8303e8e837adebdef6db7102007a90f3f1f1727d39bdb96dbfce1da927839792e3f766a4e1ab
-
SSDEEP
12288:xIEoe/79lDMcQMHunl6ajbWpWSJdTAAXgq:xIENDDK6dNtF
Malware Config
Extracted
qakbot
403.892
obama204
1663313119
119.82.111.158:443
134.35.10.207:443
200.161.62.126:32101
70.51.132.197:2222
78.100.228.93:995
78.100.225.34:2222
45.51.148.111:993
186.154.92.181:443
66.181.164.43:443
217.165.85.223:993
70.49.33.200:2222
193.3.19.37:443
41.96.56.224:443
99.232.140.205:2222
88.231.221.198:995
76.169.76.44:2222
68.53.110.74:995
196.64.237.138:443
190.44.40.48:995
72.88.245.71:443
-
salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP
Targets
-
-
Target
Calculation#1755.iso
-
Size
1014KB
-
MD5
7567da1243002ff9f71a92a1d43a8915
-
SHA1
14c524fd6a8b5f2e4397e2ea448e493bf0e01624
-
SHA256
2f07635e908ef9c44df4b7d1a30ac54244fa43ade19d576480db3dc9a159fc17
-
SHA512
9d209752ca472aae5ad2b701423c4647355ad609644f1e01bf83fc0d0e64bc95b2736748f137b05e9db86b5975ba19f75a1820492dd5d2f442287c0a9725dfb1
-
SSDEEP
24576:nwadVwjHYHHWHCrwUwvPwewGHHQkg1H5wbgnSu4j5+/DH9YQUoIs95:nwadVwjHYHHWHCrwUwXwewGHHQkg1H5f
Score10/10-
Qakbot/Qbot
Qbot or Qakbot is a sophisticated worm with banking capabilities.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-