General
-
Target
93a98b919aec23411ae62dba8d0d22f939da45dec19db2b4e7293124d8f1507f.zip
-
Size
1010KB
-
Sample
240302-xxke4agg26
-
MD5
2ece7f01b02e6d276391213deda1a4af
-
SHA1
4e650fb9cb14b5fb2f1f5774159ebe379af8089a
-
SHA256
39e79ae8d91991013f5d7ea8044ddbdd9c6feb56244c57ca82c0047c78aaff55
-
SHA512
10e239cbdb445cea3544e6f390d6de76752bb8dcc443eb85c85a572f05ae31da591d4a7be43b2931b9e2241baf48f539bf886dd716259955641aa1bcee87454a
-
SSDEEP
24576:YouaNN3a5R90JDKq2R2TYU1TxqwqHlL+XWhdtMECYKLJ:Ju7sw2HowqFCWOECr
Malware Config
Extracted
qakbot
tchk06
1702463600
45.138.74.191:443
65.108.218.24:443
-
camp_date
2023-12-13 10:33:20 +0000 UTC
Targets
-
-
Target
93a98b919aec23411ae62dba8d0d22f939da45dec19db2b4e7293124d8f1507f.msi
-
Size
1.9MB
-
MD5
82b8bd90e500fb0bf878d6f430c5abec
-
SHA1
f004c09428f2f18a145212a9e55eef3615858f9c
-
SHA256
93a98b919aec23411ae62dba8d0d22f939da45dec19db2b4e7293124d8f1507f
-
SHA512
82b2e997bf5bc0d08ab8dd921aef3e8d620a61c26f86b6f481845ad694d7b97f65dfa42e1c18b83f0f827cad9df69a409b75d96793e5bd7124c26bc7cb07f881
-
SSDEEP
49152:Ksjitd+vszAlozTy4g5r8+5eNBABxGNvXreD68f:rihTyfcXreO8f
Score10/10-
Detect Qakbot Payload
-
Qakbot/Qbot
Qbot or Qakbot is a sophisticated worm with banking capabilities.
-
Blocklisted process makes network request
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-