General
-
Target
57fc7f0fe915ca5536491079f9f448e3_JaffaCakes118
-
Size
937KB
-
Sample
240519-ca78escd5t
-
MD5
57fc7f0fe915ca5536491079f9f448e3
-
SHA1
35bba208ce5f96c1c4b6632304901bf060eb0212
-
SHA256
9e2864977d0e2bf7e8def198db7d3022188cd764519c2f385797a7ca394c2283
-
SHA512
e9cff1b1d8b9145177cbdfcfbaceb79dec034272ca1d88eacba53abd8e10577b13332983a13774ddb46be20469a8ab1cd10b950dc3196b30c34b197f57e0490e
-
SSDEEP
24576:XHHsQdjpEm3+wso/ykMdeifMcHuWQ4CBxIkjKOa:XHH5FOws8yLei020He
Malware Config
Extracted
qakbot
323.79
spx04
1568039940
190.120.196.18:443
70.169.2.228:21
189.160.191.239:443
174.48.72.160:443
99.231.208.9:443
12.5.37.3:443
173.178.129.3:443
189.236.138.168:443
67.41.197.173:2078
173.172.205.216:443
76.69.181.244:995
70.164.39.91:443
75.131.72.82:443
189.236.214.160:995
199.126.92.231:995
98.224.57.108:443
72.142.106.198:995
98.186.90.192:995
72.36.14.160:443
75.177.172.209:6882
Targets
-
-
Target
Wong_B.vbs
-
Size
1.9MB
-
MD5
32432f63ce811f734d1938060fe83b4c
-
SHA1
e768c6bf965a548f8e8e79413d67998ee5173364
-
SHA256
798e44b2af6329ac38f144d816096b72889009f44c9d74aefa36c11dbdc5522a
-
SHA512
d41328ae22eb0768c70567c7759ed9164112c47f4c81ffb3c3b387c0f8fe33b29725d25cd5b8b390c9feca405d9f426cb823ed8ec5b91d7a139ae5de742e9351
-
SSDEEP
49152:bs87tFIYKrGSBUsthSxelQwz1w9r+U32mIXzTmCc4iMVWS:k
Score10/10-
Qakbot/Qbot
Qbot or Qakbot is a sophisticated worm with banking capabilities.
-
Turns off Windows Defender SpyNet reporting
-
Windows security bypass
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1