General

  • Target

    5bc0b082c0e069532cb31bd08bd4a2d4_JaffaCakes118

  • Size

    4.2MB

  • Sample

    240729-yc9d6axajk

  • MD5

    5bc0b082c0e069532cb31bd08bd4a2d4

  • SHA1

    e48d322c3b1126ed4d51a0e50914d20fdc94c633

  • SHA256

    3849944c5db10f13305f76c92c1a8c80bc37f6a0514c19ea4a2bbeae62438113

  • SHA512

    2405d05220812ae9977213e3fd4f5474e2ac9be92f8da1c0a7bc9ebe541fbe77f1b006bb8b56b4b72e2b3bf681cbb7119da3c72190be22886a5503ea524ce210

  • SSDEEP

    6144:JYmFNuwc2x+lVPYQg9/AoLZlc0WbO9lOuo+PpDM7xACEL/Ubde4:JNIwHxaVPYfXuNACm/Ub/

Malware Config

Extracted

Family

qakbot

Version

325.43

Botnet

partner01

Campaign

1597332272

C2

72.28.255.159:995

197.210.96.222:995

71.192.44.92:443

189.183.72.138:995

68.33.206.204:443

49.191.3.234:443

71.56.53.127:443

80.14.209.42:2222

24.139.132.70:443

76.187.12.181:443

89.137.211.239:443

216.201.162.158:443

151.73.112.220:443

92.59.35.196:2222

189.140.55.226:443

201.216.216.245:443

50.244.112.10:995

108.28.179.42:995

108.27.217.44:443

72.185.47.86:995

Targets

    • Target

      5bc0b082c0e069532cb31bd08bd4a2d4_JaffaCakes118

    • Size

      4.2MB

    • MD5

      5bc0b082c0e069532cb31bd08bd4a2d4

    • SHA1

      e48d322c3b1126ed4d51a0e50914d20fdc94c633

    • SHA256

      3849944c5db10f13305f76c92c1a8c80bc37f6a0514c19ea4a2bbeae62438113

    • SHA512

      2405d05220812ae9977213e3fd4f5474e2ac9be92f8da1c0a7bc9ebe541fbe77f1b006bb8b56b4b72e2b3bf681cbb7119da3c72190be22886a5503ea524ce210

    • SSDEEP

      6144:JYmFNuwc2x+lVPYQg9/AoLZlc0WbO9lOuo+PpDM7xACEL/Ubde4:JNIwHxaVPYfXuNACm/Ub/

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

MITRE ATT&CK Enterprise v15

Tasks