General
-
Target
cb4a0fd09d51b6e51dbb3a8ea5323121_JaffaCakes118
-
Size
1.2MB
-
Sample
240830-vtd3sswerk
-
MD5
cb4a0fd09d51b6e51dbb3a8ea5323121
-
SHA1
b35b1c7ad5c77c7ac7a8afde0bf7362a721aadbe
-
SHA256
c118e4088bc5aaffebe7208df9f01da9d70ba625ba020c593723495c0954a203
-
SHA512
808673f987e07bb0061d34f4017a1d9a2b4e7a68a01fb057a2bf7aeb61148129717bf82d21ede38dfeb5895c6beae5781842700bce5114294e826950b6bdcdea
-
SSDEEP
6144:QsHHUPFY76DEoS5rYU/LPlbuo2YILNkFVZ5VfUllOp2n2FxHot1WL+Lwb5tJRp:ys6AoS5EU/Lp56kBgXOInmNouL+Lwb5b
Malware Config
Extracted
qakbot
325.43
abc008
1600855273
77.30.99.99:995
122.165.181.76:995
72.28.255.159:995
108.46.145.30:443
45.77.193.83:443
207.246.75.201:443
108.5.34.248:443
203.198.96.200:443
188.52.107.171:995
184.96.141.112:993
74.129.24.163:443
24.218.181.15:443
197.57.51.59:443
217.162.149.212:443
24.27.82.216:2222
78.97.3.6:443
96.41.93.96:443
197.210.96.222:995
45.32.154.10:443
199.247.16.80:443
Targets
-
-
Target
cb4a0fd09d51b6e51dbb3a8ea5323121_JaffaCakes118
-
Size
1.2MB
-
MD5
cb4a0fd09d51b6e51dbb3a8ea5323121
-
SHA1
b35b1c7ad5c77c7ac7a8afde0bf7362a721aadbe
-
SHA256
c118e4088bc5aaffebe7208df9f01da9d70ba625ba020c593723495c0954a203
-
SHA512
808673f987e07bb0061d34f4017a1d9a2b4e7a68a01fb057a2bf7aeb61148129717bf82d21ede38dfeb5895c6beae5781842700bce5114294e826950b6bdcdea
-
SSDEEP
6144:QsHHUPFY76DEoS5rYU/LPlbuo2YILNkFVZ5VfUllOp2n2FxHot1WL+Lwb5tJRp:ys6AoS5EU/Lp56kBgXOInmNouL+Lwb5b
Score10/10-
Qakbot/Qbot
Qbot or Qakbot is a sophisticated worm with banking capabilities.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-