General
-
Target
bd4d9cfa08a8208aef97bd6f2c3b320215c85e6ea3be3ac2edbd176ba1c1f31d
-
Size
701KB
-
Sample
221125-j7mfjsgg51
-
MD5
e86a0704e6ff2e85d778cb4ee190145e
-
SHA1
345ba573b1e7b82506a975cf0e3ee31073b006c0
-
SHA256
bd4d9cfa08a8208aef97bd6f2c3b320215c85e6ea3be3ac2edbd176ba1c1f31d
-
SHA512
b111b135c0f337d9fa56a7fc531675659d7a5042847c538d28fe7c49eb5705900a03602138b3558b15cd970d5fb615399f1d0d30552d5196bec9850ded92b49d
-
SSDEEP
6144:PXESEPZbTSWraS0IMoNmL7x4SVISabPTeboxqoTkEbj5MItIl7/:YrrFNmLKSVIJbPT+4BiIuh/
Malware Config
Extracted
qakbot
401.138
obama01
1612782139
160.3.187.114:443
41.205.16.1:443
96.61.23.88:995
86.98.93.124:2078
2.232.253.79:995
81.88.254.62:443
197.45.110.165:995
27.223.92.142:995
80.11.173.82:8443
190.85.91.154:443
142.68.28.22:443
88.252.96.34:443
89.211.252.190:995
89.3.198.238:443
140.82.49.12:443
108.46.145.30:443
188.25.63.105:443
209.210.187.52:443
86.160.137.132:443
202.184.20.119:443
-
salt
jHxastDcds)oMc=jvh7wdUhxcsdt2
Targets
-
-
Target
bd4d9cfa08a8208aef97bd6f2c3b320215c85e6ea3be3ac2edbd176ba1c1f31d
-
Size
701KB
-
MD5
e86a0704e6ff2e85d778cb4ee190145e
-
SHA1
345ba573b1e7b82506a975cf0e3ee31073b006c0
-
SHA256
bd4d9cfa08a8208aef97bd6f2c3b320215c85e6ea3be3ac2edbd176ba1c1f31d
-
SHA512
b111b135c0f337d9fa56a7fc531675659d7a5042847c538d28fe7c49eb5705900a03602138b3558b15cd970d5fb615399f1d0d30552d5196bec9850ded92b49d
-
SSDEEP
6144:PXESEPZbTSWraS0IMoNmL7x4SVISabPTeboxqoTkEbj5MItIl7/:YrrFNmLKSVIJbPT+4BiIuh/
Score10/10-
Qakbot/Qbot
Qbot or Qakbot is a sophisticated worm with banking capabilities.
-
Loads dropped DLL
-