General
-
Target
834e05af27bfe0fcdb045a226d37196d
-
Size
706KB
-
Sample
240131-dt4vsaafd3
-
MD5
834e05af27bfe0fcdb045a226d37196d
-
SHA1
21eb764cf36045d141f96f870cbaa30ed06575d3
-
SHA256
8d77cbb7e76c2127e13437f551c0e5907902cd3102eb58d7b8c3e0f7f670214e
-
SHA512
db97e61930ee4a86be0f9105e9bbc63fea768f1b091afed298295fb73c6cf3f91284ec3d3a092a4fabd4ad335f0321eab4d89035cbb16a88a90ce1829bf02ef7
-
SSDEEP
12288:rXJPiW2+w7SuTKfUVLgofr1RFMNnKcSCXxyfjvCPaPsb0z/888888888888W888D:rXJPimSVLLgoz1RRCXxyfjvzP1Ku
Malware Config
Extracted
qakbot
324.142
notset
1590741916
Protocol: ftp- Host:
192.185.5.208 - Port:
21 - Username:
[email protected] - Password:
NxdkxAp4dUsY
Protocol: ftp- Host:
162.241.218.118 - Port:
21 - Username:
[email protected] - Password:
EcOV0DyGVgVN
Protocol: ftp- Host:
69.89.31.139 - Port:
21 - Username:
[email protected] - Password:
fcR7OvyLrMW6!
Protocol: ftp- Host:
169.207.67.14 - Port:
21 - Username:
[email protected] - Password:
eQyicNLzzqPN
108.227.161.27:995
173.187.103.35:443
117.216.185.86:443
24.43.22.220:443
72.190.101.70:443
207.255.161.8:2087
189.160.217.221:443
207.255.161.8:32102
24.226.137.154:443
66.222.88.126:995
108.58.9.238:995
1.40.42.4:443
47.152.210.233:443
72.45.14.185:443
82.127.193.151:2222
101.108.113.6:443
175.111.128.234:995
175.111.128.234:443
47.39.76.74:443
5.12.214.109:2222
Targets
-
-
Target
834e05af27bfe0fcdb045a226d37196d
-
Size
706KB
-
MD5
834e05af27bfe0fcdb045a226d37196d
-
SHA1
21eb764cf36045d141f96f870cbaa30ed06575d3
-
SHA256
8d77cbb7e76c2127e13437f551c0e5907902cd3102eb58d7b8c3e0f7f670214e
-
SHA512
db97e61930ee4a86be0f9105e9bbc63fea768f1b091afed298295fb73c6cf3f91284ec3d3a092a4fabd4ad335f0321eab4d89035cbb16a88a90ce1829bf02ef7
-
SSDEEP
12288:rXJPiW2+w7SuTKfUVLgofr1RFMNnKcSCXxyfjvCPaPsb0z/888888888888W888D:rXJPimSVLLgoz1RRCXxyfjvzP1Ku
Score10/10-
Qakbot/Qbot
Qbot or Qakbot is a sophisticated worm with banking capabilities.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-