General
-
Target
8972652432.zip
-
Size
355KB
-
Sample
230202-hna3qshc3v
-
MD5
81b89ea303837c698b25f248f9ccd379
-
SHA1
ad84a881bdded1f5c1d4900c83bbe55be5d69fdd
-
SHA256
e3950bb11ab0fda16df6d30e5dd5b88f34c5fd72841b39e7f33540fba077331b
-
SHA512
2e17cc6c7ace256143e145c424344537f0f8184d30dd306a7ea265f4f3483e913b11d9a9bc4aa66b295f3d7c64ec912d88c3053a7faa937151391c17a60f8f01
-
SSDEEP
6144:Wpie6O97EoBhdJ3PBkPTWBJ68QOvN8zZ3Cs2rJbJw4JoeZTp9:C6O97EKPBkPUJ68Q3sr9W4qeZ7
Malware Config
Extracted
qakbot
404.430
BB12
1675090602
24.9.220.167:443
92.239.81.124:443
12.172.173.82:32101
162.248.14.107:443
213.31.90.183:2222
217.128.200.114:2222
71.31.101.183:443
81.229.117.95:2222
184.68.116.146:2222
86.130.9.183:2222
92.154.45.81:2222
70.64.77.115:443
24.71.120.191:443
86.225.214.138:2222
86.165.225.227:2222
172.90.139.138:2222
92.207.132.174:2222
70.160.80.210:443
58.162.223.233:443
47.61.70.188:2078
-
salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP
Targets
-
-
Target
fbe95e4d58b31a15569d3e4ab057bc47abb193c9afacdda186be51b2c1ac582b
-
Size
384KB
-
MD5
bd0ebd840439189cc64af2d0cd0dd130
-
SHA1
72cef301ca25db6f1aa42f9380ab12ae2e99a725
-
SHA256
fbe95e4d58b31a15569d3e4ab057bc47abb193c9afacdda186be51b2c1ac582b
-
SHA512
b6298e66cb903d58b0877a0fe9725a6fb35dc2a304a5d79532d2cbc20ee3d85667fab7cc305baf5c9b612bfed9026f54a9371de72d00eb22964fcc9ff91f9b2b
-
SSDEEP
6144:Vn1X0lyS6gYhkJceU2iXT+XYhwNabhXx3r6FiNhRfpwt+42OTTF:V1Xw6gzJceU2khmOC4Nhxpwc6X
Score10/10-
Qakbot/Qbot
Qbot or Qakbot is a sophisticated worm with banking capabilities.
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-