General
-
Target
89cde7fa5c181f10cc9a21fb961f8de5_JaffaCakes118
-
Size
1.9MB
-
Sample
240601-jrnnnsef3z
-
MD5
89cde7fa5c181f10cc9a21fb961f8de5
-
SHA1
a1449eef635ae525e6ba3167f4978bbfde9c73fc
-
SHA256
3a1ec5cfa213479f5f7fc25d46672b489ab64d50e687253f6f388991b0c50b43
-
SHA512
a44b5af5c92fdeebd25de21a08b1ff8138d3092a6131f750f1ba01717c80d729da020e5778419835d1014b29c29951cca4d69eaf0456640c759727a4f495e7d0
-
SSDEEP
49152:j6rXNinXYXKRat360hlkGHkUxyHUfCllJ04MGo2GriKPgOU1eODlB:F
Malware Config
Extracted
qakbot
323.79
spx02
1567678709
50.78.93.74:995
50.46.131.145:443
98.236.87.243:443
72.179.13.59:443
73.226.220.56:443
75.177.172.209:6881
192.24.181.185:443
206.51.202.106:50002
108.184.57.213:443
67.10.18.112:993
162.244.225.30:443
47.23.101.26:993
47.136.226.219:443
96.20.238.2:2083
68.238.56.27:443
75.131.239.76:443
172.78.85.20:443
96.22.239.27:2222
76.71.76.131:32101
60.254.82.182:2078
Targets
-
-
Target
89cde7fa5c181f10cc9a21fb961f8de5_JaffaCakes118
-
Size
1.9MB
-
MD5
89cde7fa5c181f10cc9a21fb961f8de5
-
SHA1
a1449eef635ae525e6ba3167f4978bbfde9c73fc
-
SHA256
3a1ec5cfa213479f5f7fc25d46672b489ab64d50e687253f6f388991b0c50b43
-
SHA512
a44b5af5c92fdeebd25de21a08b1ff8138d3092a6131f750f1ba01717c80d729da020e5778419835d1014b29c29951cca4d69eaf0456640c759727a4f495e7d0
-
SSDEEP
49152:j6rXNinXYXKRat360hlkGHkUxyHUfCllJ04MGo2GriKPgOU1eODlB:F
Score10/10-
Qakbot/Qbot
Qbot or Qakbot is a sophisticated worm with banking capabilities.
-
Turns off Windows Defender SpyNet reporting
-
Windows security bypass
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1