General
-
Target
gallery#6425.iso
-
Size
1024KB
-
Sample
221005-srxe9aehhj
-
MD5
774a33fad29713030cfdf53c80a6f71c
-
SHA1
091f37d50bec51e52c66f0c46dfd2ee269dd0e56
-
SHA256
7390a6815342f026732d649bfe8ebee03e7a2fd29558d16ea3d8b72424663394
-
SHA512
acd0f3655b0b3776b76f9c219687d2fb0de304c548a3fa09b12bb92f13a49c5f35ddc5f983625434859cb44429c221638ae6ca16ad51c525a17080863810193d
-
SSDEEP
12288:OwBOlOtHHyD1bYkNyqieL1vc1PdFjpmw5qS6xnGWvE/NIg5UT+QD1lNMAxH:OwzHHyD1bYkNyx81IFnqnvE/5w9MW
Malware Config
Extracted
qakbot
403.895
BB
1664358901
179.111.23.186:32101
179.251.119.206:995
84.3.85.30:443
39.44.5.104:995
197.41.235.69:995
193.3.19.137:443
186.81.122.168:443
103.173.121.17:443
41.111.118.56:443
102.189.184.12:995
156.199.90.139:443
14.168.180.223:443
41.140.98.37:995
156.205.3.210:993
139.228.33.176:2222
134.35.12.0:443
49.205.197.13:443
131.100.40.13:995
217.165.146.158:993
73.252.27.208:995
-
salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP
Targets
-
-
Target
gallery#6425.iso
-
Size
1024KB
-
MD5
774a33fad29713030cfdf53c80a6f71c
-
SHA1
091f37d50bec51e52c66f0c46dfd2ee269dd0e56
-
SHA256
7390a6815342f026732d649bfe8ebee03e7a2fd29558d16ea3d8b72424663394
-
SHA512
acd0f3655b0b3776b76f9c219687d2fb0de304c548a3fa09b12bb92f13a49c5f35ddc5f983625434859cb44429c221638ae6ca16ad51c525a17080863810193d
-
SSDEEP
12288:OwBOlOtHHyD1bYkNyqieL1vc1PdFjpmw5qS6xnGWvE/NIg5UT+QD1lNMAxH:OwzHHyD1bYkNyx81IFnqnvE/5w9MW
Score10/10-
Qakbot/Qbot
Qbot or Qakbot is a sophisticated worm with banking capabilities.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-