General

  • Target

    5ce4916abc949bf3c04bfb8184745397_JaffaCakes118

  • Size

    4.3MB

  • Sample

    240729-ytb5zsxgnq

  • MD5

    5ce4916abc949bf3c04bfb8184745397

  • SHA1

    a02521d9e351c3682b5eb5e4f541e0dcb5ef1960

  • SHA256

    60f82b88809017646d1e61cfd919e0e33773f3035e78d78fe1a1b4e6540b4ff2

  • SHA512

    6a2b13cdc9016889043fb7b8e9dfe0f6e6a18c5759c1e4893339cc95f4c9aaa970f76a1cd4dd17e9e121dec5f50056f2f6d4095e6f2e652e8fa7ea9118c95ffc

  • SSDEEP

    24576:aIydQMFmTIaG+hzgK/sdZvaKBaJh+TxyQh:ednj5IzgK/sdZvaKBaJhgp

Malware Config

Extracted

Family

qakbot

Version

325.43

Botnet

abc006

Campaign

1600687594

C2

72.204.242.138:20

75.136.40.155:443

207.255.161.8:443

80.240.26.178:443

86.122.241.39:2222

103.238.231.40:443

47.146.32.175:443

202.141.244.118:995

185.19.190.81:443

24.201.79.208:2078

178.87.21.21:443

66.222.88.126:995

185.246.9.69:995

172.78.30.215:443

83.110.6.64:2222

41.233.39.224:995

77.159.149.74:443

66.76.105.197:443

134.0.196.46:995

75.87.161.32:995

Targets

    • Target

      5ce4916abc949bf3c04bfb8184745397_JaffaCakes118

    • Size

      4.3MB

    • MD5

      5ce4916abc949bf3c04bfb8184745397

    • SHA1

      a02521d9e351c3682b5eb5e4f541e0dcb5ef1960

    • SHA256

      60f82b88809017646d1e61cfd919e0e33773f3035e78d78fe1a1b4e6540b4ff2

    • SHA512

      6a2b13cdc9016889043fb7b8e9dfe0f6e6a18c5759c1e4893339cc95f4c9aaa970f76a1cd4dd17e9e121dec5f50056f2f6d4095e6f2e652e8fa7ea9118c95ffc

    • SSDEEP

      24576:aIydQMFmTIaG+hzgK/sdZvaKBaJh+TxyQh:ednj5IzgK/sdZvaKBaJhgp

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

MITRE ATT&CK Enterprise v15

Tasks