General
-
Target
QakBot - 26.12.2022.zip
-
Size
930KB
-
Sample
241210-mxe59symcn
-
MD5
c1c0d4caad48ac9cae7de99b430c2b40
-
SHA1
995283bdcce16f880fcd77ed87a5ea4a585f928f
-
SHA256
7a61ffa2b2824eb796fd2090ac9530bc0c44aa5f5b671198969bf9ce8e4d1958
-
SHA512
2ffe3a5e2f2f874fcbb341d6deb2b48b06a3615c3ef7f9e5718e6c368d178f0e8bf4853a4dcb04eaa8983f4d99248b5a2fc4b9a592bcca701d10f55673e92ba1
-
SSDEEP
24576:NfNnpVks14rsx2Hcj89lHkBeIpPIB4quQnPONyr8+0Aj+:NVnpVksIm28qkBeIpPIB4qznPONyrN0H
Malware Config
Extracted
qakbot
404.66
BB11
1671725928
27.109.19.90:2078
50.68.204.71:995
217.43.16.149:443
181.118.206.65:995
152.171.41.171:443
98.187.21.2:443
121.121.100.148:995
87.252.106.197:995
172.90.139.138:2222
172.248.42.122:443
24.142.218.202:443
76.100.159.250:443
92.8.187.85:2222
69.133.162.35:443
50.86.217.209:443
78.18.42.55:443
92.27.86.48:2222
185.13.180.250:443
50.26.197.236:993
24.69.84.237:443
-
salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP
Targets
-
-
Target
F12.iso
-
Size
102.2MB
-
MD5
71dc49c8604801a97f6c2650fecc7905
-
SHA1
4c686cb740384db18febff3a9e230935cc71451e
-
SHA256
eca4870cb095914b3ea2e75bf4362ef7ada9d207995ae850e67d52cda0b5aff5
-
SHA512
b1f47d228af3fd83af27162c1d7cae3407893531379862ea4d099d9def200fc3e13d49a0792c4ba8d8f1ef1c3c40e635702cac9137ad1729aabe3cc00dffc3be
-
SSDEEP
24576:Q4PRw+wFwJGwgwsZicphuWJmknFM+9zKhGCN0sigLe:zPRw+wFwJGwgwz
Score10/10-
Qakbot family
-
Qakbot/Qbot
Qbot or Qakbot is a sophisticated worm with banking capabilities.
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-