General
-
Target
cossacks.dat.dll
-
Size
743KB
-
Sample
221019-f2f5ssfchl
-
MD5
25d8d740a5611fb6ab2e6df583c24a00
-
SHA1
41142c72f3f37fad22b01c6bd9eaf572551ff465
-
SHA256
9ebb684f13367a8b7817b787a5374f9072f9338d657c255403d991f50f6ce80c
-
SHA512
2de372428bac53af5fca71e443c6f9d7ebed9bf75faf76295c5f87aad1b1a51d6c6bbe5eb418cf9a5b65d29f81bb69a2bd64cfa9cdb640c9c259f2c43f57856b
-
SSDEEP
12288:e+4QHixeljmtjVFJcPp+cygICZoxlSr9p6q6xMZXJMeGbX//7OT:5DXjmtjVD3cygICZwSJp6q6yZXJM5T/c
Malware Config
Extracted
qakbot
403.973
obama212
1665497532
190.11.198.76:443
41.111.85.167:443
134.35.2.138:443
105.108.80.229:443
179.113.97.4:32101
197.158.89.85:443
197.204.101.178:443
105.69.147.88:995
41.103.252.215:443
41.104.109.190:443
41.107.209.163:443
14.227.159.241:443
82.12.196.197:443
103.156.237.139:443
196.235.137.166:443
181.141.3.126:443
102.157.22.8:443
41.111.52.120:443
197.92.143.218:443
181.44.34.172:443
-
salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP
Targets
-
-
Target
cossacks.dat.dll
-
Size
743KB
-
MD5
25d8d740a5611fb6ab2e6df583c24a00
-
SHA1
41142c72f3f37fad22b01c6bd9eaf572551ff465
-
SHA256
9ebb684f13367a8b7817b787a5374f9072f9338d657c255403d991f50f6ce80c
-
SHA512
2de372428bac53af5fca71e443c6f9d7ebed9bf75faf76295c5f87aad1b1a51d6c6bbe5eb418cf9a5b65d29f81bb69a2bd64cfa9cdb640c9c259f2c43f57856b
-
SSDEEP
12288:e+4QHixeljmtjVFJcPp+cygICZoxlSr9p6q6xMZXJMeGbX//7OT:5DXjmtjVD3cygICZwSJp6q6yZXJM5T/c
Score10/10-
Qakbot/Qbot
Qbot or Qakbot is a sophisticated worm with banking capabilities.
-