General
-
Target
375cc112d9052de805951af453e483b0372f2797a09108d3c9feab4015b45e4c
-
Size
388KB
-
Sample
250202-1eg4ss1mar
-
MD5
8ba64166174589397392dfb389a6471a
-
SHA1
d3f2fffc6c9bb244bc6de6748103ec09f9645759
-
SHA256
375cc112d9052de805951af453e483b0372f2797a09108d3c9feab4015b45e4c
-
SHA512
f3d2044c55ec41dd771c3b032734855f3a8c82f70e6ceb651e85a1e0544fd298dae025305ffbae604129d23049c480e83dad5212b7ccbd933758a38f6cc555c2
-
SSDEEP
6144:XjiJi6LQKqQ0O1K9QxeSSAN8BVHV2CIe997bOj3b:XX64QrK9QxeSSAN6VHYCOrb
Malware Config
Extracted
qakbot
324.8
1582189741
Protocol: ftp- Host:
192.185.5.208 - Port:
21 - Username:
[email protected] - Password:
NxdkxAp4dUsY
Protocol: ftp- Host:
162.241.218.118 - Port:
21 - Username:
[email protected] - Password:
EcOV0DyGVgVN
Protocol: ftp- Host:
69.89.31.139 - Port:
21 - Username:
[email protected] - Password:
fcR7OvyLrMW6!
Protocol: ftp- Host:
169.207.67.14 - Port:
21 - Username:
[email protected] - Password:
eQyicNLzzqPN
206.169.163.147:995
98.213.28.175:443
175.111.128.234:443
50.78.93.74:443
99.199.174.72:443
37.26.26.43:443
172.78.87.180:443
96.35.170.82:2222
100.40.48.96:443
47.153.115.154:995
104.3.91.20:995
69.92.54.95:995
24.32.119.146:443
71.88.220.181:443
78.56.103.184:443
86.254.93.195:2222
75.110.250.89:443
75.81.25.223:995
86.126.253.30:443
104.34.122.18:443
Targets
-
-
Target
375cc112d9052de805951af453e483b0372f2797a09108d3c9feab4015b45e4c
-
Size
388KB
-
MD5
8ba64166174589397392dfb389a6471a
-
SHA1
d3f2fffc6c9bb244bc6de6748103ec09f9645759
-
SHA256
375cc112d9052de805951af453e483b0372f2797a09108d3c9feab4015b45e4c
-
SHA512
f3d2044c55ec41dd771c3b032734855f3a8c82f70e6ceb651e85a1e0544fd298dae025305ffbae604129d23049c480e83dad5212b7ccbd933758a38f6cc555c2
-
SSDEEP
6144:XjiJi6LQKqQ0O1K9QxeSSAN8BVHV2CIe997bOj3b:XX64QrK9QxeSSAN6VHYCOrb
Score10/10-
Qakbot family
-
Qakbot/Qbot
Qbot or Qakbot is a sophisticated worm with banking capabilities.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-