General
-
Target
CalculationOfCosts-141075452.zip
-
Size
111KB
-
Sample
230614-w8b3esce37
-
MD5
051ca5b22662dc01d89022625def3327
-
SHA1
7069a0c061068c500f7254afa0a2f02ad783d18f
-
SHA256
27bb0a8c1d9f9e7eaee26a97bd01f377c1f3048b881107021f60f7804410ebe8
-
SHA512
5e5018fe7906dd2fe4aca38c9b93301151db66c5fc1b203320289c86d0ba43ad8c5c5fad383b7a52285a021e4629a98c22133b110056922f8ac475d4f362f74a
-
SSDEEP
3072:vB1EnhktGs7M+FRxCV2WoupEEtr61CHa8k2kj+oFk2pOGRj:p1E03M+F7i2WjXr61C68kBfBpOGV
Malware Config
Extracted
qakbot
404.1374
obama268
1686733312
125.99.76.102:443
80.12.88.148:2222
109.149.147.195:2222
27.99.32.26:2222
70.28.50.223:3389
70.28.50.223:32100
86.97.96.62:2222
66.241.183.99:443
74.12.146.45:2222
190.199.147.209:2222
47.205.25.170:443
12.172.173.82:993
12.172.173.82:22
84.35.26.14:995
72.134.124.16:443
85.240.173.251:2078
50.68.186.195:443
65.190.242.244:443
45.62.75.217:443
203.109.44.236:995
Targets
-
-
Target
CalculationOfCosts-141075452.js
-
Size
464KB
-
MD5
4b773a0dcdedffe32ed1ce4ca68c9092
-
SHA1
962aa218bd23b2b86635a309df09c0168d14c14c
-
SHA256
8edcea2ccadc4cc3ab40d1e7c650e8b1a13d892ee598582b1503be2e86c77090
-
SHA512
53f84c6fd8aef31e446fb967f7fc517d1886ecd90e8dc33a4be8ee171b21d4bb61e9eae6e6d722926308161dde487506f770226e5272c01ff786d1d8cfcbb874
-
SSDEEP
6144:LmFamddP19SiU+g9ITla9MGNs9yec26VZU6BboaI7CRY7kkhl:oLU3+gPZUW0F
Score10/10-
Qakbot/Qbot
Qbot or Qakbot is a sophisticated worm with banking capabilities.
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-