Qakbot Malware IOCs - Part 5

Qakbot (Qbot) - это банковский троян - вредоносная программа, предназначенная для сбора банковской информации у жертв. Qbot нацелен на организации преимущественно в США. Он оснащен различными сложными функциями уклонения и кражи информации, червеподобной функциональностью и сильным механизмом персистенции.

Qakbot Malware IOCs

• Qbot Botnet IOC
• Qbot Trojan IOCs
• Qakbot (Qbot) Trojan IOCs
• Qakbot Malware IOCs

Indicators of Compromise

IPv4 Port Combinations

• 1.10.253.207:443
• 100.1.5.250:995
• 102.101.231.141:443
• 102.184.151.194:995
• 102.188.100.131:995
• 102.38.96.108:995
• 102.38.97.229:995
• 102.40.236.32:995
• 104.34.212.7:32103
• 105.105.104.0:443
• 105.109.138.89:443
• 105.111.60.60:995
• 105.159.30.48:443
• 105.197.192.21:995
• 105.98.130.85:443
• 105.99.214.62:995
• 105.99.217.147:995
• 105.99.80.23:443
• 109.155.5.164:993
• 109.158.159.179:993
• 109.200.165.82:443
• 110.4.255.247:443
• 111.125.245.116:995
• 113.170.216.154:443
• 113.22.102.155:443
• 118.174.200.169:995
• 118.174.204.204:995
• 118.175.247.124:995
• 118.216.99.232:443
• 118.68.220.199:443
• 119.42.124.18:443
• 119.82.111.158:443
• 120.150.218.241:995
• 123.240.131.1:443
• 125.26.54.57:995
• 134.35.11.110:443
• 134.35.13.201:443
• 134.35.13.43:443
• 134.35.13.45:443
• 134.35.9.144:443
• 138.0.114.166:443
• 139.195.132.210:2222
• 139.195.63.45:2222
• 139.228.33.176:2222
• 14.183.63.12:443
• 14.184.97.67:443
• 141.164.254.35:443
• 151.234.63.48:990
• 151.234.97.239:990
• 154.181.136.133:995
• 154.181.203.230:995
• 154.238.151.197:995
• 154.246.182.210:443
• 156.213.107.29:995
• 156.219.49.22:995
• 160.152.135.188:2222
• 160.176.204.241:443
• 167.60.82.242:995
• 169.1.47.111:443
• 169.159.95.135:2222
• 171.238.230.59:443
• 171.248.157.128:995
• 172.115.177.204:2222
• 173.189.167.21:995
• 173.218.180.91:443
• 175.110.231.67:443
• 176.42.245.2:995
• 176.90.193.145:2222
• 177.255.14.99:995
• 179.108.32.195:443
• 179.111.111.88:32101
• 179.158.103.236:443
• 179.223.89.154:995
• 179.24.245.193:995
• 180.180.131.95:443
• 181.111.20.201:443
• 181.118.183.123:443
• 181.127.138.30:443
• 181.231.229.133:443
• 181.56.125.32:443
• 181.59.3.118:443
• 181.80.133.202:443
• 181.81.116.144:443
• 182.213.208.5:443
• 184.82.110.50:995
• 184.99.123.118:443
• 186.105.182.127:443
• 186.120.58.88:443
• 186.154.92.181:443
• 186.167.249.206:443
• 186.50.245.74:995
• 186.64.87.202:443
• 187.205.222.100:443
• 188.157.6.170:443
• 189.19.189.222:32101
• 190.158.58.236:443
• 190.44.40.48:995
• 190.59.247.136:995
• 191.254.74.89:32101
• 191.84.204.214:995
• 191.97.234.238:995
• 193.3.19.37:443
• 194.166.205.204:995
• 194.166.207.160:995
• 194.49.79.231:443
• 196.112.34.71:443
• 196.64.231.231:443
• 196.64.239.93:443
• 196.92.172.24:8443
• 197.11.128.156:443
• 197.204.143.46:443
• 197.204.209.38:443
• 197.204.243.167:443
• 197.49.50.44:443
• 197.94.210.133:443
• 197.94.84.128:443
• 2.182.104.151:990
• 2.185.210.129:990
• 2.89.78.130:993
• 200.161.62.126:32101
• 201.177.163.176:443
• 210.195.18.76:2222
• 211.248.176.4:443
• 212.156.51.194:443
• 217.165.146.41:993
• 217.165.77.134:443
• 217.165.77.134:995
• 217.165.85.223:993
• 219.69.103.199:443
• 220.116.250.45:443
• 24.139.72.117:443
• 24.178.196.158:2222
• 24.55.67.176:443
• 27.73.215.46:32102
• 31.166.116.171:443
• 31.32.180.179:443
• 31.54.39.153:2078
• 37.210.148.30:995
• 37.34.253.233:443
• 37.37.206.87:995
• 37.76.197.124:443
• 39.49.67.4:995
• 41.103.226.172:443
• 41.105.197.244:443
• 41.107.78.223:995
• 41.111.1.60:995
• 41.111.77.115:995
• 41.142.132.190:443
• 41.248.89.135:443
• 41.69.103.179:995
• 41.69.118.117:995
• 41.96.152.196:443
• 41.96.171.218:443
• 41.96.56.224:443
• 41.97.64.224:443
• 41.97.76.61:443
• 41.99.57.155:443
• 45.160.124.211:995
• 45.183.234.180:443
• 45.241.140.181:995
• 45.51.148.111:993
• 46.107.48.202:443
• 46.116.229.16:443
• 46.186.216.41:32100
• 47.146.182.110:443
• 47.180.172.159:443
• 47.23.89.61:993
• 47.23.89.61:995
• 61.105.45.244:443
• 61.70.29.53:443
• 62.114.193.186:995
• 63.143.92.99:995
• 64.207.215.69:443
• 66.181.164.43:443
• 67.209.195.198:443
• 68.129.232.158:443
• 68.151.196.147:995
• 68.224.229.42:443
• 68.50.190.55:443
• 68.53.110.74:995
• 70.46.220.114:443
• 70.49.33.200:2222
• 70.51.132.197:2222
• 70.81.121.237:2222
• 71.10.27.196:2222
• 72.66.96.129:995
• 72.88.245.71:443
• 76.169.76.44:2222
• 78.100.225.34:2222
• 78.100.228.93:995
• 78.100.254.17:2222
• 78.101.202.75:50010
• 78.168.87.170:2222
• 78.182.113.80:443
• 81.131.161.131:2078
• 81.214.220.237:443
• 81.56.22.251:995
• 83.110.219.59:993
• 84.238.253.171:443
• 84.38.133.191:443
• 85.114.110.108:443
• 85.114.99.34:443
• 85.139.203.42:32101
• 85.98.206.165:995
• 85.98.46.114:443
• 86.98.156.176:993
• 86.98.156.218:993
• 87.220.229.164:2222
• 87.243.113.104:995
• 87.75.195.211:443
• 88.231.221.198:443
• 88.231.221.198:995
• 88.232.207.24:443
• 88.242.228.16:53
• 88.244.84.195:443
• 88.245.103.132:2222
• 88.245.168.200:2222
• 88.246.170.2:443
• 88.251.38.53:443
• 89.211.217.38:995
• 89.211.223.138:2222
• 91.116.160.252:443
• 93.48.80.198:995
• 94.99.110.157:995
• 95.10.13.82:443
• 95.136.41.50:443
• 98.180.234.228:443
• 99.232.140.205:2222
• 99.253.251.74:443

Domains

• ekuberr.com
• freedombusinessclub.com
• globalworkplacewellnesssummit.com
• skymarkltd.com
• sportjogiszakjogasz.hu
• thefriendlygreen.ca

URLs

• https://agroster.pk/qh/iinuttcodnsiu
• https://agroster.pk/qh/Utatque1129717003.zip
• https://ekuberr.com/asor/nmsaCedasmuu2170972107.zip
• https://ekuberr.com/asor/nmtsveidnprooi
• https://freedombusinessclub.com/ipte/ladomtlui
• https://freedombusinessclub.com/ipte/nmsaCedasmuu2170972107.zip
• https://globalworkplacewellnesssummit.com/tso/neaisdauescuqer
• https://globalworkplacewellnesssummit.com/tso/nmsaCedasmuu2170972107.zip
• https://henryteage.com/1rGwJ/sd.html
• https://scavassarts.tk/orn/sercopiaruomr
• https://scavassarts.tk/orn/Utatque1129717003.zip
• https://skymarkltd.com/stp/litubpauvtoets
• https://skymarkltd.com/stp/nmsaCedasmuu2170972107.zip
• https://sportjogiszakjogasz.hu/nat/nmsaCedasmuu2170972107.zip
• https://sportjogiszakjogasz.hu/nat/snqtuieoeu
• https://starhealthconsultancy.com/tu/tusicncheni
• https://starhealthconsultancy.com/tu/Utatque1129717003.zip
• https://thefriendlygreen.ca/rbv/nmsaCedasmuu2170972107.zip
• https://thefriendlygreen.ca/rbv/tasauqcdi

Emails

• a.ynanomrl@aadamrealestate.com
• acarricato@biferdil.com
• accounts@sunderlandbakery.com
• adm_oaxaca@pylsa.com
• admin@maysatech.ir
• administrator@proteam.mx
• adriana.lara@completerecoverycorp.com
• agustinus@julongindonesia.com
• ana@capsecurity.net
• bernardo@yourhostingaccount.com
• cobkh@speedpanelmember.com
• comercial@jespac.com
• cpinv@curiopack.com.my
• crystalsm.chu@wanfook.com
• e3yocj0@adsciende-labs.site
• erika.jimenez@firco.gob.mx
• erml@readngr.com.ng
• fayyaz.hussain@fazalcloth.com
• finance@t5exchanges.com
• fulvio@fugi.it
• heidelbergmetal@bellnet.ca
• hvg@gaana.com.mx
• info@sheensolutions.com
• ishan.b@manikaranpowerltd.in
• jadelgado@grupodelgado.com.do
• jawwad@sindbadwl.com
• joaquin.tellez@firco.gob.mx
• joe.casey@summitcmgroup.com
• k.ikhnrue@omega.sd
• kenna@arcticshine.ca
• laboratorioanalisi.termoli@asrem.org
• marianod@mroyo.com
• marketing@toptech.com.eg
• mezcalero@gruposeptimo.com.mx
• mp2554@unitechservicesgroup.com
• o.aldnurora@cookywow.xyz
• orders@kustomkinetics.com
• pec@esjocoli.com.ar
• pm_bounces@pm-bounces.merf-pakistan.org
• rjps.administracion@diocesisdeleon.org
• roxanna.monardez@plastock.cl
• rretrimoem.ayhv@mosqu.id
• sales.sideeg@gsbsolars.com
• sales4@idss.ae
• sebastian.avila@astromaquinaria.com
• service@eigbox.net
• sistemacalidad@foodscompany.com
• spanishmedicalclinic@bellnet.ca
• ssm@alconvictorgroup.com
• sufiyan.attar@biganimation.com
• teleasistenciabv@vimenca.com
• test@indicussoftware.com
• test@nepco21.com
• tlalnepantla@runsa.com.mx
• tony.vo@fis-asia.com
• uaqnj5a@ladurardradio.com
• uy6l6c@meggriffe.com.br
• venkatakrishnanmv@inspirisys.com
• wair.uomsbzotill@havilahdesign.com
• weborders@entry.dochunters.com
• yogesh@metrod.com

MD5

• 069fbff5bbfa4dd3295442b26893c6bb
• 0ab49521ce08a2c351075bccb17e7e9d
• 0ff5fc33d75199373a288294739f6c21
• 1a8b838cb257c717004db368d30efce7
• 1d0479ff1712082ad67a1b3b8e88d225
• 253e5f214f20e46d88f03d4981baea37
• 3afc16868e066a7adf2068f97e84011c
• 3b29fec14950d78e91866d7db582e3e3
• 3ba9f9c908beb40da52066ca0226a1d4
• 3d2ec0f46988722d46440d53975d1b29
• 3d9e1ad63c942c5d724cf7d0946ebbf1
• 3eccbf958ce3c673ae93d54b8321caeb
• 3f2f8c707ea746e5c6c46fd66624fc5b
• 417c68601e4c185af6c2905ee240fa91
• 41c222bda31156c93820addbf16ed805
• 4439dba769f9f8db3f6a519a0c5d020b
• 4fbe0478049cfac9030f5d3d18e5741e
• 5419675e67c71009d81bf133cc7e5b57
• 57fd70f82ebce5e9acb9da92e174a5da
• 5cb5adee2ffdc135fbd755e1a6774757
• 665a19143949121b401c8ecdc6c5f6e2
• 6f1d36258db2764598bce8a2065375ba
• 70f3ed26c5b441d481b708d1efb79ee2
• 7840ecc22c52c858f3dbbe99232ea589
• 821d8d27a834410b34753b28444ca1f9
• 833da3da8d1fcc2260dc26a998e54d0a
• 8571ba6c98347e64006b2ac20ae1f512
• 867c917fd94a506773b0403f8e01b6eb
• 887c99d3a88b1b91945333437afe04d5
• 89f2dc24e0604f12d074734e79e4de56
• 8d2aaa98bf75c6dcdc8d704ebddf7bc9
• 9039beb05dc303aeddd322beebcff122
• 90cd2fd8126a1f11317eb7611f2cd9c8
• 9fa00e807805d8809c4899857eba772b
• a6db8baa770833ab1096a7251b8082ac
• a7f275822dfd7a4b9931ca13fa039472
• ac7321782bb782136bc5b85ab106eaca
• b1e020474aacf20752d9053654cfa91b
• b74463c870d1d7347ac620e933429a5c
• c00c92565526a25bbdf18fde42c4c4f3
• c061bccfc441bde0f4cc306ad98a41fc
• c7111adf2612a80d7bc35485f646d32b
• c7e83c868a5add2c479b468331285d44
• c9866d99b93709a87fcad9e47173d1be
• c9e818c0ef06d66dec8d0694ba5af1b4
• c9f9f0165454140f50b82d564d773f64
• cef4879fd06ef0cca00ddad89981597a
• d2c27563931d4676c812c94ed064f05b
• de4b739c80737d7d436057fbe64681cb
• e3d920303f934dc7f71ed1c4d67854dc
• e627af3f4c5c04cdcb8c457cc6b93c71
• ec4192c11d1d4b724846a4c4b49807ad
• ef76b7e8af4887efd875ed932e42022c
• f401b7cc2caeb6f77eb3cf641ef3d51a
• f57e536998f505695b1936dcc1638c18
• f6c9fb967b1f8fa3df7132feae778a54
• fd7e32f9baaa4cba9b9e86ed7c0ac997