General
-
Target
BSN-40367275.js
-
Size
342KB
-
Sample
230623-vwzghsga56
-
MD5
826bef7cc89f65b8c9422d3bc8b88980
-
SHA1
34f366649a2daa6dee83dc972890f03dfec8b9b6
-
SHA256
e5a4d28b196efa6e4c971985f28f9468ffe167a963358a46498992fbf529e5a9
-
SHA512
78500e2bcf9035d9b61ca3042d7ba0d9c10f22f69dcd0bfff5ef0cce45582b2d2ac450d4eda4bb2f380154540efc81deefbcc54989b45b304b1c8f12c2aa1941
-
SSDEEP
6144:bcFYID3OLgu44c/3F1amoAk5MuXvCG8YtnZ593e:fIS1xb6
Malware Config
Extracted
qakbot
404.1405
obama271
1687438904
70.28.50.223:2083
103.141.50.79:995
184.182.66.109:443
122.184.143.82:443
91.254.145.252:443
37.14.229.220:2222
64.229.117.208:2222
77.126.99.230:443
87.252.106.235:995
12.172.173.82:32101
95.230.110.222:995
88.169.33.180:2222
70.28.50.223:1194
72.80.94.230:443
191.191.1.254:995
209.171.160.69:995
45.62.67.129:443
24.234.80.122:995
81.150.169.174:2222
121.121.100.202:995
Targets
-
-
Target
BSN-40367275.js
-
Size
342KB
-
MD5
826bef7cc89f65b8c9422d3bc8b88980
-
SHA1
34f366649a2daa6dee83dc972890f03dfec8b9b6
-
SHA256
e5a4d28b196efa6e4c971985f28f9468ffe167a963358a46498992fbf529e5a9
-
SHA512
78500e2bcf9035d9b61ca3042d7ba0d9c10f22f69dcd0bfff5ef0cce45582b2d2ac450d4eda4bb2f380154540efc81deefbcc54989b45b304b1c8f12c2aa1941
-
SSDEEP
6144:bcFYID3OLgu44c/3F1amoAk5MuXvCG8YtnZ593e:fIS1xb6
Score10/10-
Qakbot/Qbot
Qbot or Qakbot is a sophisticated worm with banking capabilities.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-