General
-
Target
a01392224d6e4e273ec175526786b060N.exe
-
Size
5.7MB
-
Sample
240904-2pwklsygmg
-
MD5
a01392224d6e4e273ec175526786b060
-
SHA1
4a07581b9e576b00f2481202d074f47ff2c3ece0
-
SHA256
0702af359122c92ca19423caeefedcc71f5bb2324be03fd83a9d18193c5ecbe3
-
SHA512
5bcae6eca704cd2d172f11865c78d90c91bb9744b5586c9f187b2f1d420048442a80ada82010abdaa4ba3d3fd04eab0ab7eb1d233f544a4b15a820065d4c15a4
-
SSDEEP
6144:k4thSUHz9HRg1c5Fm0Dq7VTu0Cdvm2MU3Iv7HCuqBl9scWBJy:jh3Hz9HeWFJDmV61AXuu6D
Malware Config
Extracted
qakbot
325.43
abc001
1599561498
166.62.180.194:2078
99.240.226.2:443
95.77.144.238:443
85.122.141.42:995
31.53.49.169:2222
201.216.216.245:443
209.59.87.147:443
85.186.122.190:443
45.32.155.12:443
178.193.38.188:2222
89.137.211.72:443
66.215.32.224:443
199.247.22.145:443
71.84.5.114:995
216.201.162.158:443
47.146.32.175:443
75.81.25.223:443
178.222.21.87:995
24.234.86.201:995
68.33.206.204:443
Targets
-
-
Target
a01392224d6e4e273ec175526786b060N.exe
-
Size
5.7MB
-
MD5
a01392224d6e4e273ec175526786b060
-
SHA1
4a07581b9e576b00f2481202d074f47ff2c3ece0
-
SHA256
0702af359122c92ca19423caeefedcc71f5bb2324be03fd83a9d18193c5ecbe3
-
SHA512
5bcae6eca704cd2d172f11865c78d90c91bb9744b5586c9f187b2f1d420048442a80ada82010abdaa4ba3d3fd04eab0ab7eb1d233f544a4b15a820065d4c15a4
-
SSDEEP
6144:k4thSUHz9HRg1c5Fm0Dq7VTu0Cdvm2MU3Iv7HCuqBl9scWBJy:jh3Hz9HeWFJDmV61AXuu6D
Score10/10-
Qakbot/Qbot
Qbot or Qakbot is a sophisticated worm with banking capabilities.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-