General

  • Target

    57fc7f0fe915ca5536491079f9f448e3_JaffaCakes118

  • Size

    937KB

  • Sample

    240519-ca78escd5t

  • MD5

    57fc7f0fe915ca5536491079f9f448e3

  • SHA1

    35bba208ce5f96c1c4b6632304901bf060eb0212

  • SHA256

    9e2864977d0e2bf7e8def198db7d3022188cd764519c2f385797a7ca394c2283

  • SHA512

    e9cff1b1d8b9145177cbdfcfbaceb79dec034272ca1d88eacba53abd8e10577b13332983a13774ddb46be20469a8ab1cd10b950dc3196b30c34b197f57e0490e

  • SSDEEP

    24576:XHHsQdjpEm3+wso/ykMdeifMcHuWQ4CBxIkjKOa:XHH5FOws8yLei020He

Malware Config

Extracted

  • Family

    qakbot

  • Version

    323.79

  • Botnet

    spx04

  • Campaign

    1568039940

  • C2


Targets

    • Target

      Wong_B.vbs

    • Size

      1.9MB

    • MD5

      32432f63ce811f734d1938060fe83b4c

    • SHA1

      e768c6bf965a548f8e8e79413d67998ee5173364

    • SHA256

      798e44b2af6329ac38f144d816096b72889009f44c9d74aefa36c11dbdc5522a

    • SHA512

      d41328ae22eb0768c70567c7759ed9164112c47f4c81ffb3c3b387c0f8fe33b29725d25cd5b8b390c9feca405d9f426cb823ed8ec5b91d7a139ae5de742e9351

    • SSDEEP

      49152:bs87tFIYKrGSBUsthSxelQwz1w9r+U32mIXzTmCc4iMVWS:k

MITRE ATT&CK Matrix (ATT&CK v13)

Tactic                Technique                             Count  ID
Execution             Scheduled Task/Job                    1      T1053
Persistence           Boot or Logon Autostart Execution     1      T1547
Persistence           Registry Run Keys / Startup Folder    1      T1547.001
Persistence           Scheduled Task/Job                    1      T1053
Privilege Escalation  Boot or Logon Autostart Execution     1      T1547
Privilege Escalation  Registry Run Keys / Startup Folder    1      T1547.001
Privilege Escalation  Scheduled Task/Job                    1      T1053
Defense Evasion       Impair Defenses                       2      T1562
Defense Evasion       Disable or Modify Tools               2      T1562.001
Defense Evasion       Modify Registry                       3      T1112
Discovery             System Information Discovery          2      T1082
Discovery             Query Registry                        2      T1012
Discovery             Peripheral Device Discovery           1      T1120
Discovery             Remote System Discovery               1      T1018

Tasks