Qakbot is a banking trojan. The injected process attempts to establish a connection to its C2 server, and when the attempt succeeds it carries out additional malicious actions, such as downloading further malicious modules and stealing financial information.
Indicators of Compromise