General
-
Target
document-1667641715.xls
-
Size
331KB
-
Sample
201127-6mnajc5f8n
-
MD5
4def4a85970d84f28f183b566edf4e12
-
SHA1
8b82bfda8155e60b72fab4c36c8a51131f85cce6
-
SHA256
63fb46ea82f83b08541b2e8e4088f5f8671c49f3e4797118c0619d152978c8f9
-
SHA512
2409e33676203f6a9d4e46101c3a7dcb3835e7c08c292d47c1e820444e68698f8751f7276f5aa3a0b3600f6c4f6b030f9b156eb3cffd99168fe012e099646dac
Static task
static1
Behavioral task
behavioral1
Sample
document-1667641715.xls
Resource
win7v20201028
Malware Config
Extracted
qakbot
tr02
1606301054
Targets
-
-
Target
document-1667641715.xls
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Loads dropped DLL
-