General

  • Target

    009f6d7f8f7bd721d5377051587ec42e_JaffaCakes118

  • Size

    1.0MB

  • Sample

    240426-m6bt7sfa6s

  • MD5

    009f6d7f8f7bd721d5377051587ec42e

  • SHA1

    916c4b50cc9640d456ff7a1503c5841977caa727

  • SHA256

    f93b8b6aedc9c13590c7eb2247c920e376ab33354e9ca4003834ab9f043006f0

  • SHA512

    bbcb1280322f464695594dc02f71c813f229b858a091068ab7f758e49a0e08473c75a0337b3758078590afad6f2dc86a343adba2bdb505f896af814d8c8f4e3b

  • SSDEEP

    12288:zVbaHbD19/nXEx5xuzi6AoS5qt4cW+EEFsfZdGvvOWTbL:zZ+bh9cTottW+jKZI3OWTH

Malware Config

Extracted

Family

qakbot

Version

325.43

Botnet

abc004

Campaign

1600240826

C2


Targets

    • Target

      009f6d7f8f7bd721d5377051587ec42e_JaffaCakes118

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

MITRE ATT&CK Enterprise v15

Tasks
