General
-
Target
qakbot.exe
-
Size
2.7MB
-
Sample
240626-t4wj6awaqm
-
MD5
6f9e304b289770a66e089ae2be83952c
-
SHA1
629c55b8e3e4fd9a6c0a4463ef5d30ceda133eb8
-
SHA256
b92c0aafb4e9b0fc2b023dbb14d7e848249f29e02b0e4cd8624ce27e55c9ac4c
-
SHA512
c621eb4c8f51bae2e75cbffd53db8173d91340e2987cccd15453a2a2c048d9820b26b64e0d51fbfb441e5dbf4f9108cfbe46bda872f2980491028d93fcb33f94
-
SSDEEP
12288:hmJnJHUrcxNxDxfxNxnxNxIWxNxsyRxNxRxNx0xNxrjG8zme:w5cir
Malware Config
Extracted
qakbot
325.43
spx156
1597661994
98.26.50.62:995
46.53.40.244:443
86.98.89.40:2222
108.30.125.94:443
189.130.26.216:443
96.37.113.36:993
216.201.162.158:443
24.37.178.158:443
73.228.1.246:443
175.111.128.234:443
95.77.144.238:443
41.36.58.89:995
84.247.55.190:443
66.215.32.224:443
67.6.3.51:443
197.37.219.90:993
144.202.48.107:443
49.191.130.48:443
73.214.248.17:995
24.44.142.213:2222
Targets
-
-
Target
qakbot.exe
-
Size
2.7MB
-
MD5
6f9e304b289770a66e089ae2be83952c
-
SHA1
629c55b8e3e4fd9a6c0a4463ef5d30ceda133eb8
-
SHA256
b92c0aafb4e9b0fc2b023dbb14d7e848249f29e02b0e4cd8624ce27e55c9ac4c
-
SHA512
c621eb4c8f51bae2e75cbffd53db8173d91340e2987cccd15453a2a2c048d9820b26b64e0d51fbfb441e5dbf4f9108cfbe46bda872f2980491028d93fcb33f94
-
SSDEEP
12288:hmJnJHUrcxNxDxfxNxnxNxIWxNxsyRxNxRxNx0xNxrjG8zme:w5cir
Score10/10-
Qakbot/Qbot
Qbot or Qakbot is a sophisticated worm with banking capabilities.
-
Executes dropped EXE
-
Loads dropped DLL
-