General
-
Target
2025-04-04_c3eac2a507042637fe1995a67079f787_amadey_rhadamanthys_smoke-loader
-
Size
812KB
-
Sample
250404-plfc1aynv6
-
MD5
c3eac2a507042637fe1995a67079f787
-
SHA1
a221cb9483950632405b65a55bd831b6ba1ccd60
-
SHA256
8bef244d820d964c52433558f61de7b2f9b80d842273a1f7679aae88bcc90ebf
-
SHA512
d6d80a969b3f126bb45815df62b91ad0d56b2352d4040f88f8e5d43aaaa6ea27d983afdbab358063eb0b6eb706fbaf46d00acfc09dcd76a9581637e1fdc33c8b
-
SSDEEP
12288:SFkrSCa3l21ex6JRoZvxLh84NnFd6ANwyH54oGRZcNADyu6Dkkq:SFkqBkJRoZlKAF7Nwjc0sk
Malware Config
Extracted
qakbot
323.108
1579169908
Protocol: ftp- Host:
192.185.5.208 - Port:
21 - Username:
[email protected] - Password:
NxdkxAp4dUsY
Protocol: ftp- Host:
162.241.218.118 - Port:
21 - Username:
[email protected] - Password:
EcOV0DyGVgVN
Protocol: ftp- Host:
69.89.31.139 - Port:
21 - Username:
[email protected] - Password:
fcR7OvyLrMW6!
Protocol: ftp- Host:
169.207.67.14 - Port:
21 - Username:
[email protected] - Password:
eQyicNLzzqPN
5.89.115.73:2222
47.40.244.237:443
75.70.218.193:443
74.137.56.132:443
75.142.59.167:443
96.241.184.247:995
72.209.191.27:443
64.19.74.29:995
72.218.167.183:443
71.214.26.195:443
71.226.140.73:443
201.152.141.209:995
130.93.11.211:443
24.187.56.19:2222
111.125.70.30:2222
76.23.204.29:443
130.93.11.211:50010
50.247.230.33:995
67.10.18.112:993
173.3.132.17:995
Targets
-
-
Target
2025-04-04_c3eac2a507042637fe1995a67079f787_amadey_rhadamanthys_smoke-loader
-
Size
812KB
-
MD5
c3eac2a507042637fe1995a67079f787
-
SHA1
a221cb9483950632405b65a55bd831b6ba1ccd60
-
SHA256
8bef244d820d964c52433558f61de7b2f9b80d842273a1f7679aae88bcc90ebf
-
SHA512
d6d80a969b3f126bb45815df62b91ad0d56b2352d4040f88f8e5d43aaaa6ea27d983afdbab358063eb0b6eb706fbaf46d00acfc09dcd76a9581637e1fdc33c8b
-
SSDEEP
12288:SFkrSCa3l21ex6JRoZvxLh84NnFd6ANwyH54oGRZcNADyu6Dkkq:SFkqBkJRoZlKAF7Nwjc0sk
Score10/10-
Qakbot family
-
Qakbot/Qbot
Qbot or Qakbot is a sophisticated worm with banking capabilities.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-