General
-
Target
053f8d5670c666f54c76fc8f3273ed916b1c323bc1a6c71a13f9f02a4746a061
-
Size
1.0MB
-
Sample
230830-yzccyaaf47
-
MD5
a7c930732560445a040bf5534d87013e
-
SHA1
585d7cbb0dd5ae9a166f94949d2ac815b02fbc88
-
SHA256
053f8d5670c666f54c76fc8f3273ed916b1c323bc1a6c71a13f9f02a4746a061
-
SHA512
d1ac91f1cacb695d11c7e5d12bd50112a5b1790feec83ef21bb2cb1be7fe6ff0692c1d13779f99eb2e9a6713e34d47704bcd5829e2afb68f66fd00ad7aeead18
-
SSDEEP
12288:tRWOA1eeCaGDpeHWCo8YpNFN5dEr9n5RGxXuZn:CO1vX4zoLNF/dwfGxXut
Malware Config
Extracted
qakbot
324.142
spx139
1591962820
98.16.204.189:995
88.158.199.95:443
24.102.235.160:995
96.18.240.158:443
67.165.206.193:995
81.103.144.77:443
184.180.157.203:2222
47.136.224.60:443
104.221.4.11:2222
203.33.138.230:443
72.204.242.138:20
75.137.239.211:443
74.215.201.122:443
41.228.201.162:443
92.29.5.162:995
108.30.125.94:443
207.255.161.8:2078
173.172.205.216:443
68.134.181.98:443
5.12.50.241:443
Targets
-
-
Target
053f8d5670c666f54c76fc8f3273ed916b1c323bc1a6c71a13f9f02a4746a061
-
Size
1.0MB
-
MD5
a7c930732560445a040bf5534d87013e
-
SHA1
585d7cbb0dd5ae9a166f94949d2ac815b02fbc88
-
SHA256
053f8d5670c666f54c76fc8f3273ed916b1c323bc1a6c71a13f9f02a4746a061
-
SHA512
d1ac91f1cacb695d11c7e5d12bd50112a5b1790feec83ef21bb2cb1be7fe6ff0692c1d13779f99eb2e9a6713e34d47704bcd5829e2afb68f66fd00ad7aeead18
-
SSDEEP
12288:tRWOA1eeCaGDpeHWCo8YpNFN5dEr9n5RGxXuZn:CO1vX4zoLNF/dwfGxXut
Score10/10-
Qakbot/Qbot
Qbot or Qakbot is a sophisticated worm with banking capabilities.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-