General

  • Target

    5ce8ca2c99161818ce9f4444da82887f_JaffaCakes118

  • Size

    918KB

  • Sample

    240520-dsxp3shb58

  • MD5

    5ce8ca2c99161818ce9f4444da82887f

  • SHA1

    5c04d36d4700de9ab5f16d8e4ae8b73b01d5a984

  • SHA256

    8b08e73ad310f5e7e06c78b453ff8bc00851d0b9f86fa00c64a3dd42ec1632ce

  • SHA512

    475eba06a17037f9258417cfe553359b21d4248a1d6b64c8c603684eee8851ef92d81c1bd2145350fc015673f1d1b4bf5a5b4a1fc2c7b7fc055e66cf73c5ede6

  • SSDEEP

    6144:f3bDksaZLLP8OvtzpfzzlPFAAfwG44X0m+Z1Af61g8nKB17M1hRJG:fvksaZLwOvTzRP6Af44ajACi8Kr7M1g

Malware Config

Extracted

Family

qakbot

Version

325.43

Botnet

abc003

Campaign

1600093841

C2

134.0.196.46:995

187.200.69.215:443

66.222.88.126:995

151.73.125.102:443

186.94.248.208:2078

71.56.53.127:443

87.65.204.240:995

63.155.74.135:995

68.184.45.73:443

82.77.105.236:2222

23.240.70.80:443

24.138.77.61:443

76.111.128.194:443

75.136.40.155:443

75.182.214.87:443

73.216.60.90:2222

148.240.52.146:443

108.185.113.12:443

216.163.4.136:443

66.215.32.224:443

Targets

    • Target

      5ce8ca2c99161818ce9f4444da82887f_JaffaCakes118

    • Size

      918KB

    • MD5

      5ce8ca2c99161818ce9f4444da82887f

    • SHA1

      5c04d36d4700de9ab5f16d8e4ae8b73b01d5a984

    • SHA256

      8b08e73ad310f5e7e06c78b453ff8bc00851d0b9f86fa00c64a3dd42ec1632ce

    • SHA512

      475eba06a17037f9258417cfe553359b21d4248a1d6b64c8c603684eee8851ef92d81c1bd2145350fc015673f1d1b4bf5a5b4a1fc2c7b7fc055e66cf73c5ede6

    • SSDEEP

      6144:f3bDksaZLLP8OvtzpfzzlPFAAfwG44X0m+Z1Af61g8nKB17M1hRJG:fvksaZLwOvTzRP6Af44ajACi8Kr7M1g

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

MITRE ATT&CK Enterprise v15

Tasks