General
-
Target
d43e07870f3b6ae812038b7566565bac
-
Size
466KB
-
Sample
240318-xc5wasfd73
-
MD5
d43e07870f3b6ae812038b7566565bac
-
SHA1
56e55f25c56336f340f5425207508c4c7ad1cc1a
-
SHA256
033583f27d4f2eeb2daad014a771369c45e117430e376bc2fe693961ce33ca54
-
SHA512
fd69fd38caa3135e8702840f9568c04e1298555ea99dfa07d4119ff1d584487ad79c2614616d8b09d448eb6f7d44a2e6ad8f727c226589ce836af53ec0dcc53e
-
SSDEEP
6144:4jpCzcjuQ/9zoaV3EeVHq/Ca6VbrdRNMA:4jQojuS9zoadEYHq/CjtN
Malware Config
Extracted
qakbot
402.12
tr
1618935072
140.82.49.12:443
190.85.91.154:443
96.37.113.36:993
71.41.184.10:3389
186.31.46.121:443
73.25.124.140:2222
109.12.111.14:443
24.229.150.54:995
45.32.211.207:443
45.77.117.108:443
45.77.117.108:8443
149.28.98.196:443
149.28.98.196:2222
144.202.38.185:443
144.202.38.185:995
45.32.211.207:995
207.246.116.237:995
149.28.99.97:995
45.63.107.192:2222
149.28.101.90:995
-
salt
jHxastDcds)oMc=jvh7wdUhxcsdt2
Targets
-
-
Target
d43e07870f3b6ae812038b7566565bac
-
Size
466KB
-
MD5
d43e07870f3b6ae812038b7566565bac
-
SHA1
56e55f25c56336f340f5425207508c4c7ad1cc1a
-
SHA256
033583f27d4f2eeb2daad014a771369c45e117430e376bc2fe693961ce33ca54
-
SHA512
fd69fd38caa3135e8702840f9568c04e1298555ea99dfa07d4119ff1d584487ad79c2614616d8b09d448eb6f7d44a2e6ad8f727c226589ce836af53ec0dcc53e
-
SSDEEP
6144:4jpCzcjuQ/9zoaV3EeVHq/Ca6VbrdRNMA:4jQojuS9zoadEYHq/CjtN
Score10/10-
Qakbot/Qbot
Qbot or Qakbot is a sophisticated worm with banking capabilities.
-
Loads dropped DLL
-