Resubmissions
30-08-2023 20:13
230830-yztbfshh6z 10General
-
Target
112a64190b9a0f356880eebf05e195f4c16407032bf89fa843fd136da6f5d515
-
Size
2.6MB
-
Sample
230830-yztbfshh6z
-
MD5
bce0df8721504d50f4497c0a0a2c090d
-
SHA1
2c5b190d19f0f58e156bd1b28434701cea09cc23
-
SHA256
112a64190b9a0f356880eebf05e195f4c16407032bf89fa843fd136da6f5d515
-
SHA512
8eca2571399782952e984b4d7c8f525a9c0092396ac8dc592d98acd0efdf2b6959a4b1272bcfb7e3a38060d269deabfd676b1fef2e830df3baab43e206d2f7fc
-
SSDEEP
12288:qlQq2wwLHqpVxTp5WK1QAPPAV/Ykfgn6ggKh:u2wwT45xQwkfg93h
Malware Config
Extracted
qakbot
324.142
spx143
1592482956
39.36.254.179:995
24.139.132.70:443
24.202.42.48:2222
72.204.242.138:443
172.242.156.50:995
72.204.242.138:20
68.174.15.223:443
74.193.197.246:443
96.56.237.174:990
64.19.74.29:995
70.168.130.172:443
189.236.166.167:443
68.4.137.211:443
76.187.8.160:443
76.86.57.179:2222
73.226.220.56:443
67.250.184.157:443
75.183.171.155:3389
173.172.205.216:443
173.3.132.17:995
Targets
-
-
Target
112a64190b9a0f356880eebf05e195f4c16407032bf89fa843fd136da6f5d515
-
Size
2.6MB
-
MD5
bce0df8721504d50f4497c0a0a2c090d
-
SHA1
2c5b190d19f0f58e156bd1b28434701cea09cc23
-
SHA256
112a64190b9a0f356880eebf05e195f4c16407032bf89fa843fd136da6f5d515
-
SHA512
8eca2571399782952e984b4d7c8f525a9c0092396ac8dc592d98acd0efdf2b6959a4b1272bcfb7e3a38060d269deabfd676b1fef2e830df3baab43e206d2f7fc
-
SSDEEP
12288:qlQq2wwLHqpVxTp5WK1QAPPAV/Ykfgn6ggKh:u2wwT45xQwkfg93h
Score10/10-
Qakbot/Qbot
Qbot or Qakbot is a sophisticated worm with banking capabilities.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-