General
-
Target
20efcddcbdd32c1b9648a4d50d2a29bb_JaffaCakes118
-
Size
221KB
-
Sample
240507-swclmsda2v
-
MD5
20efcddcbdd32c1b9648a4d50d2a29bb
-
SHA1
b36284f8d8f3a193ef9f0aa2465eee0deca99d94
-
SHA256
fd1e4ecef5aed84a1e9cf04271111c5041d6c50c850b75959932927cf875293a
-
SHA512
067da669c2d212537426a4027cfb326216c5fb31f4e2cbbc881dc0a6cf99688a303b076b9256f87243d75b19b73ac475400c4a30da8aa6bacce66bd2c59ca8a4
-
SSDEEP
6144:afb0rHntqUtSsDWXjU5YVFsWfefYwd8h:hksDMjU5YVaWkd
Malware Config
Extracted
qakbot
324.70
spx85
1585321881
201.152.111.104:995
181.197.195.138:995
96.35.170.82:2222
50.244.112.10:443
174.126.230.25:443
74.33.70.220:443
72.80.137.215:443
86.121.120.255:443
108.190.151.108:2222
70.166.158.118:443
24.229.245.124:995
71.187.170.235:443
49.191.6.183:995
71.80.45.253:443
46.214.62.199:443
76.107.242.174:443
79.116.229.1:995
31.5.172.53:443
71.172.110.236:443
94.98.82.131:443
Targets
-
-
Target
20efcddcbdd32c1b9648a4d50d2a29bb_JaffaCakes118
-
Size
221KB
-
MD5
20efcddcbdd32c1b9648a4d50d2a29bb
-
SHA1
b36284f8d8f3a193ef9f0aa2465eee0deca99d94
-
SHA256
fd1e4ecef5aed84a1e9cf04271111c5041d6c50c850b75959932927cf875293a
-
SHA512
067da669c2d212537426a4027cfb326216c5fb31f4e2cbbc881dc0a6cf99688a303b076b9256f87243d75b19b73ac475400c4a30da8aa6bacce66bd2c59ca8a4
-
SSDEEP
6144:afb0rHntqUtSsDWXjU5YVFsWfefYwd8h:hksDMjU5YVaWkd
Score10/10-
Qakbot/Qbot
Qbot or Qakbot is a sophisticated worm with banking capabilities.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-