General
-
Target
6e0fb432c71367bbb53c6935f7f9e7421cf1d84ae59aaef177e7f511f887d6c3
-
Size
1.9MB
-
Sample
241012-x2ny3s1flq
-
MD5
e16c7f359e3f0a692e4a6339638b4edf
-
SHA1
eeea6413551fd0f329f961ae6afe7bc2f26366ff
-
SHA256
6e0fb432c71367bbb53c6935f7f9e7421cf1d84ae59aaef177e7f511f887d6c3
-
SHA512
610cc1cd3a20ccfb36f49f8d5aa1ab6ba9a4a6e1617d500c6ca917e5756a173a72994d9273a57cafa4e8cbe25751673902a3bfc6ef3f926fd631aa4bd2c904e6
-
SSDEEP
6144:3nfbfTbpOCVXVz9PJAA/cfFFcB6tyYf6N9aaNvWZecSBK6kVnC+1Abd:vbwaBp/cGe6zRKZUK6KTAbd
Malware Config
Extracted
qakbot
325.59
notset
1604404534
Protocol: ftp- Host:
192.185.5.208 - Port:
21 - Username:
[email protected] - Password:
NxdkxAp4dUsY
Protocol: ftp- Host:
162.241.218.118 - Port:
21 - Username:
[email protected] - Password:
EcOV0DyGVgVN
Protocol: ftp- Host:
69.89.31.139 - Port:
21 - Username:
[email protected] - Password:
fcR7OvyLrMW6!
Protocol: ftp- Host:
169.207.67.14 - Port:
21 - Username:
[email protected] - Password:
eQyicNLzzqPN
67.6.55.77:443
89.136.39.108:443
2.50.58.76:443
188.25.158.61:443
45.63.107.192:995
45.32.154.10:443
94.52.160.116:443
45.63.107.192:2222
45.63.107.192:443
72.204.242.138:465
84.117.176.32:443
95.77.223.148:443
47.146.39.147:443
41.225.13.128:8443
80.14.209.42:2222
190.220.8.10:995
66.76.105.194:443
105.101.69.242:443
89.33.87.107:443
75.136.40.155:443
Targets
-
-
Target
6e0fb432c71367bbb53c6935f7f9e7421cf1d84ae59aaef177e7f511f887d6c3
-
Size
1.9MB
-
MD5
e16c7f359e3f0a692e4a6339638b4edf
-
SHA1
eeea6413551fd0f329f961ae6afe7bc2f26366ff
-
SHA256
6e0fb432c71367bbb53c6935f7f9e7421cf1d84ae59aaef177e7f511f887d6c3
-
SHA512
610cc1cd3a20ccfb36f49f8d5aa1ab6ba9a4a6e1617d500c6ca917e5756a173a72994d9273a57cafa4e8cbe25751673902a3bfc6ef3f926fd631aa4bd2c904e6
-
SSDEEP
6144:3nfbfTbpOCVXVz9PJAA/cfFFcB6tyYf6N9aaNvWZecSBK6kVnC+1Abd:vbwaBp/cGe6zRKZUK6KTAbd
Score10/10-
Qakbot/Qbot
Qbot or Qakbot is a sophisticated worm with banking capabilities.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-