General
-
Target
c42e511e79fa6c3b2931080364522dfc_JaffaCakes118
-
Size
1.8MB
-
Sample
240827-cd6trsyfnq
-
MD5
c42e511e79fa6c3b2931080364522dfc
-
SHA1
413fa44b48570a07420aa1511276bb4c72374cd7
-
SHA256
b293691f6cf941d9841b65a58f8b75b97e37da6752531bdcfba449ec7fe3128b
-
SHA512
d114ffc76a5c9de6bb02228fe84f76e78ebcfcbf28be9f3dd02cfb2f00dfbc38579cee379cfb7adb580b6a5eb54c7d6e37b4fa346fcfea3ab9dd9abecf2b0295
-
SSDEEP
49152:lP3fgyBTbzDjvjwSBLoZFVf4d6enfWoKFxCZqOoFBvQC6bztk2KSZxE2i:s
Static task
static1
Behavioral task
behavioral1
Sample
c42e511e79fa6c3b2931080364522dfc_JaffaCakes118.vbs
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
c42e511e79fa6c3b2931080364522dfc_JaffaCakes118.vbs
Resource
win10v2004-20240802-en
Malware Config
Extracted
qakbot
323.79
spx01
1567608215
Targets
-
Turns off Windows Defender SpyNet reporting
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)
Scheduled Task (1)
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)
Scheduled Task (1)