General
-
Target
05929899.js
-
Size
464KB
-
Sample
230615-pvz4rsgh24
-
MD5
7d5724b6bcbfd42b108e86eaf132062b
-
SHA1
add4aeb0182ac8dd2d9133275a42dd9df8a8b70c
-
SHA256
65efebe64ba9165d4c981c2d32d83f98848d84085cd6721e74c0954dbc553bf7
-
SHA512
f0ea4b12e7826d8e5d90acb2911883f8e6a88577d08a6c09b569f8740d1ba4a8e7128e83fa3a3d802642817aecac14fc4e40315fe811025f0b561a2ca97c5c01
-
SSDEEP
6144:LmFamddP19SiU+g9ITla9MGNs9yec26VZU6BboaI7CRY7kkh9:oLU3+gPZUW0d
Malware Config
Extracted
qakbot
404.1374
obama268
1686733312
125.99.76.102:443
80.12.88.148:2222
109.149.147.195:2222
27.99.32.26:2222
70.28.50.223:3389
70.28.50.223:32100
86.97.96.62:2222
66.241.183.99:443
74.12.146.45:2222
190.199.147.209:2222
47.205.25.170:443
12.172.173.82:993
12.172.173.82:22
84.35.26.14:995
72.134.124.16:443
85.240.173.251:2078
50.68.186.195:443
65.190.242.244:443
45.62.75.217:443
203.109.44.236:995
Targets
-
-
Target
05929899.js
-
Size
464KB
-
MD5
7d5724b6bcbfd42b108e86eaf132062b
-
SHA1
add4aeb0182ac8dd2d9133275a42dd9df8a8b70c
-
SHA256
65efebe64ba9165d4c981c2d32d83f98848d84085cd6721e74c0954dbc553bf7
-
SHA512
f0ea4b12e7826d8e5d90acb2911883f8e6a88577d08a6c09b569f8740d1ba4a8e7128e83fa3a3d802642817aecac14fc4e40315fe811025f0b561a2ca97c5c01
-
SSDEEP
6144:LmFamddP19SiU+g9ITla9MGNs9yec26VZU6BboaI7CRY7kkh9:oLU3+gPZUW0d
Score10/10-
Qakbot/Qbot
Qbot or Qakbot is a sophisticated worm with banking capabilities.
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-