General
-
Target
f10a4d3469a3cfb8ef469d14bbbd3034_JaffaCakes118
-
Size
5.8MB
-
Sample
240922-b75ywswfqm
-
MD5
f10a4d3469a3cfb8ef469d14bbbd3034
-
SHA1
f80c017a0eaba637b78ee472723e5f27aebb2c79
-
SHA256
8a5776f0dc1869efa02e2842c52fc645456050aaf981e520fcb768cb2f039c2f
-
SHA512
68072332a0fb31b2149561a418f9a172de034dafbdf9d8d64eab79010845460bf98ed0573e014b6e50bae3a76e49590700e158b05e3ab6d875000a31a5591985
-
SSDEEP
12288:mh3Hz9Hez0l7jmUCVgYrGCBB6R0EwLtWwe2:YHJvl+6YT36R0EwLIwe2
Malware Config
Extracted
qakbot
325.43
abc004
1600335944
47.146.169.85:443
74.75.216.202:443
173.22.125.129:2222
200.75.136.78:443
65.131.34.101:995
84.78.128.76:2222
24.53.49.240:2222
72.209.191.27:443
189.183.73.227:995
178.222.113.168:995
71.221.92.98:443
37.210.186.213:61201
92.59.35.196:2222
98.26.50.62:995
5.81.250.6:2222
72.204.242.138:20
207.255.161.8:443
207.255.161.8:2087
207.255.161.8:32103
203.198.96.200:443
Targets
-
-
Target
f10a4d3469a3cfb8ef469d14bbbd3034_JaffaCakes118
-
Size
5.8MB
-
MD5
f10a4d3469a3cfb8ef469d14bbbd3034
-
SHA1
f80c017a0eaba637b78ee472723e5f27aebb2c79
-
SHA256
8a5776f0dc1869efa02e2842c52fc645456050aaf981e520fcb768cb2f039c2f
-
SHA512
68072332a0fb31b2149561a418f9a172de034dafbdf9d8d64eab79010845460bf98ed0573e014b6e50bae3a76e49590700e158b05e3ab6d875000a31a5591985
-
SSDEEP
12288:mh3Hz9Hez0l7jmUCVgYrGCBB6R0EwLtWwe2:YHJvl+6YT36R0EwLIwe2
Score10/10-
Qakbot/Qbot
Qbot or Qakbot is a sophisticated worm with banking capabilities.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-