General
-
Target
611fb912ca0d8a8d6b57a5fe54c4b3ad_JaffaCakes118
-
Size
221KB
-
Sample
240520-2dc9wshg22
-
MD5
611fb912ca0d8a8d6b57a5fe54c4b3ad
-
SHA1
d30d809df1e1f8db5511621c4869cf954d9ffe32
-
SHA256
b3781927bcf7932c336630f636f47cbdba47e2f5aa94039f87fbb15797455535
-
SHA512
812426a098f3d277e9d004e9fd288d2fe26ba410d4a79db1338c8f8faca03cb0f33da84f1f8575ab37dd554e26cff52428c3c10cc585d1c96df88e140ae056ef
-
SSDEEP
6144:9iCJP2aHc28pmBIUFqOkTo2/Pd7IYbUN0DQ2:9f82DICqJTo2tcqUN
Malware Config
Extracted
qakbot
324.75
spx88
1585759147
70.171.43.208:443
75.183.171.155:3389
68.49.120.179:443
189.160.175.134:443
24.168.237.215:443
5.14.217.101:443
47.40.244.237:443
71.77.252.14:2222
184.176.139.8:443
47.39.76.74:443
72.29.181.77:2222
208.101.148.129:995
100.40.48.96:443
5.233.232.81:61202
188.241.126.118:443
68.174.15.223:443
64.19.74.29:995
70.170.111.174:443
75.82.228.209:443
63.155.135.211:995
Targets
-
-
Target
611fb912ca0d8a8d6b57a5fe54c4b3ad_JaffaCakes118
-
Size
221KB
-
MD5
611fb912ca0d8a8d6b57a5fe54c4b3ad
-
SHA1
d30d809df1e1f8db5511621c4869cf954d9ffe32
-
SHA256
b3781927bcf7932c336630f636f47cbdba47e2f5aa94039f87fbb15797455535
-
SHA512
812426a098f3d277e9d004e9fd288d2fe26ba410d4a79db1338c8f8faca03cb0f33da84f1f8575ab37dd554e26cff52428c3c10cc585d1c96df88e140ae056ef
-
SSDEEP
6144:9iCJP2aHc28pmBIUFqOkTo2/Pd7IYbUN0DQ2:9f82DICqJTo2tcqUN
Score10/10-
Qakbot/Qbot
Qbot or Qakbot is a sophisticated worm with banking capabilities.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-