Overview

overview

10

Static

static

10

6dcf8baea0...18.dll

windows7-x64

10

6dcf8baea0...18.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6dcf8baea04fda87a96b3a137ea4dbfc_JaffaCakes118

  • Size

    136KB

  • MD5

    6dcf8baea04fda87a96b3a137ea4dbfc

  • SHA1

    19ed57597ebb7649e76076c1531f2d665b551435

  • SHA256

    6ca1498b43435ae08ce08a4cffce0fcfe660bdd907a48eda0dc7a663f4c971a7

  • SHA512

    33e252f7a262d1c7d6fb0d1792381a9295a0d81ff9191298989f1e01de9d7d3d560804131abd1d265618b46254d2fae18e7c8e8cc6f7efcc36880571beb2b2eb

  • SSDEEP

    1536:AKQJDzynl8pck/VxhNRjJrBbQ2oTPycJFtNmQ/IOEnToIfwTToqMV29ic:jnl1kNxhN1J9c2oTzJHNfxoTBfwEVA

Score
10/10
tr1632817399qakbot

Malware Config

Extracted

Family

qakbot

Version

402.363

Botnet

tr

Campaign

1632817399

C2

105.198.236.99:443

140.82.49.12:443

37.210.152.224:995

89.101.97.139:443

81.241.252.59:2078

27.223.92.142:995

81.250.153.227:2222

73.151.236.31:443

47.22.148.6:443

122.11.220.212:2222

120.151.47.189:443

199.27.127.129:443

216.201.162.158:443

136.232.34.70:443

76.25.142.196:443

181.118.183.94:443

120.150.218.241:995

185.250.148.74:443

95.77.223.148:443

75.66.88.33:443
Attributes
  • salt

    jHxastDcds)oMc=jvh7wdUhxcsdt2

Signatures

  • Qakbot family
    qakbot
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 6dcf8baea04fda87a96b3a137ea4dbfc_JaffaCakes118
    .dll regsvr32 windows:6 windows x86 arch:x86


    Headers

    Exports

    Sections