General
-
Target
fromBorisWithLove.dll
-
Size
276KB
-
Sample
230404-3d7zyaaf62
-
MD5
21b1e88050dada23c29faa6d675ef510
-
SHA1
b85b311f53ea61568a204f5e0c731f74ff49a663
-
SHA256
34a18edfb4fb0156d999da641c12017ad20cd6882ff4241126cf49ab27a7d64a
-
SHA512
f6caf592f2e918351bfc4268dc74e2c2560b9ee0aa4506095ec7d7239b20e34bb8a8aa970bb70ebcd68e39f36c61770ab25f10a935712889a1d23d3f56ae3e97
-
SSDEEP
6144:8uzRzeCFemMeVfQFn3eX6fWFxpqtooF+wFcMaw:8o91e8Wn3eXaQ3KoOs+
Malware Config
Extracted
qakbot
404.909
BB22
1680515593
109.218.86.223:2222
78.130.215.67:443
70.112.206.5:443
12.172.173.82:50001
201.244.108.183:995
96.87.28.170:2222
76.80.180.154:993
95.60.243.24:995
87.202.101.164:50000
86.225.214.138:2222
74.66.134.24:443
72.203.216.98:2222
92.239.81.124:443
37.189.1.102:443
144.64.226.144:443
202.142.98.62:443
12.172.173.82:993
71.171.83.69:443
139.226.47.229:995
197.204.234.123:443
-
salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP
Targets
-
-
Target
fromBorisWithLove.dll
-
Size
276KB
-
MD5
21b1e88050dada23c29faa6d675ef510
-
SHA1
b85b311f53ea61568a204f5e0c731f74ff49a663
-
SHA256
34a18edfb4fb0156d999da641c12017ad20cd6882ff4241126cf49ab27a7d64a
-
SHA512
f6caf592f2e918351bfc4268dc74e2c2560b9ee0aa4506095ec7d7239b20e34bb8a8aa970bb70ebcd68e39f36c61770ab25f10a935712889a1d23d3f56ae3e97
-
SSDEEP
6144:8uzRzeCFemMeVfQFn3eX6fWFxpqtooF+wFcMaw:8o91e8Wn3eXaQ3KoOs+
Score10/10-
Qakbot/Qbot
Qbot or Qakbot is a sophisticated worm with banking capabilities.
-