Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
aeaTJIW6xt.dat
-
Size
358KB
-
Sample
230516-ch2evaba88
-
MD5
386029008d6aa807e1a6ce146737dd36
-
SHA1
5b2ed6b356cd4faf46a68a4824c411abfc4834de
-
SHA256
2ed6e7ec16e2a65459d4d77a0f06c8f757d03969a0dd640932c2f90507952baf
-
SHA512
86d2891b600f8dd267ce48bec8bb397779cb09d8d77783a48c992df7dd250870f8ee8625e26bf0aecad6adc1173b9a671b86604448730b858cb39c0f2ddbfce9
-
SSDEEP
6144:a/D0Hb7UDqr1yb1tux77q/Mt12SF7GhUdHMGMIvHQgx77QxxgHb9VnpTBJjT8UZu:oD0Hb7L1yb1tux77q/MW6uIvwO77cgH
Malware Config
Extracted
qakbot
404.1038
obama263
1684141535
103.140.174.20:2222
91.75.114.200:443
102.156.218.92:443
91.2.143.185:995
90.165.109.4:2222
85.152.152.46:443
182.185.181.202:995
65.190.242.244:443
122.186.210.254:443
58.162.223.233:443
98.145.23.67:443
41.186.88.38:443
139.226.47.229:995
12.172.173.82:993
197.148.17.17:2078
43.243.215.210:443
178.152.124.169:443
50.68.204.71:443
217.165.234.249:443
116.74.164.93:443
-
salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP
Targets
-
-
Target
aeaTJIW6xt.dat
-
Size
358KB
-
MD5
386029008d6aa807e1a6ce146737dd36
-
SHA1
5b2ed6b356cd4faf46a68a4824c411abfc4834de
-
SHA256
2ed6e7ec16e2a65459d4d77a0f06c8f757d03969a0dd640932c2f90507952baf
-
SHA512
86d2891b600f8dd267ce48bec8bb397779cb09d8d77783a48c992df7dd250870f8ee8625e26bf0aecad6adc1173b9a671b86604448730b858cb39c0f2ddbfce9
-
SSDEEP
6144:a/D0Hb7UDqr1yb1tux77q/Mt12SF7GhUdHMGMIvHQgx77QxxgHb9VnpTBJjT8UZu:oD0Hb7L1yb1tux77q/MW6uIvwO77cgH
Score10/10-
Qakbot/Qbot
Qbot or Qakbot is a sophisticated worm with banking capabilities.
-
Drops file in System32 directory
-