General
-
Target
sample-324887-0a7ab9da9997bf3f75ec4549a9b9daf0.zip
-
Size
133KB
-
Sample
201205-2qd6xkqxgx
-
MD5
4baa3fa2bc6c6a5058e369232a4b2cdc
-
SHA1
32fa18326909effcaaa8c5a91fa9403e4eb93001
-
SHA256
8edc4c2dd797397d883e6f73866939f182dde407b270ae7655b17bf55dfb0902
-
SHA512
e25f8655bfd686c0266976df07e4a02269972e83ecd41e31e33e2fb1e54608a91d2a14b97899ad82cf94542b00cff8dc96a461844af3aa6a54057bcfdb159fe1
Static task
static1
Behavioral task
behavioral1
Sample
Vuu0hnOqjF.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
Vuu0hnOqjF.exe
Resource
win10v20201028
Malware Config
Extracted
smokeloader
2020
http://cent.live/
Extracted
qakbot
tr01
1604997522
122.61.213.85:443
2.50.89.119:995
189.183.201.0:443
86.98.145.152:2222
96.241.66.126:443
90.101.117.122:2222
94.69.112.148:2222
81.150.181.168:2222
82.127.125.209:2222
81.214.126.173:2222
86.140.82.116:20
172.87.157.235:443
176.181.247.197:443
78.97.110.47:443
5.15.90.117:2222
41.206.131.156:443
151.73.112.67:443
82.127.125.209:990
197.45.110.165:995
81.133.234.36:2222
37.6.222.192:995
118.100.108.25:443
86.97.162.141:2222
74.129.26.119:443
37.116.152.122:2222
92.154.83.96:1194
45.32.154.10:443
45.63.107.192:443
207.246.75.201:443
59.99.38.231:443
45.63.107.192:2222
195.97.101.40:443
45.63.107.192:995
199.247.16.80:443
199.247.22.145:443
80.240.26.178:443
108.52.39.68:443
203.106.195.67:443
2.50.143.154:2222
73.166.10.38:443
84.232.252.202:2222
47.146.39.147:443
69.40.22.180:443
73.239.229.107:995
71.187.177.20:443
50.244.112.90:443
67.61.157.208:443
45.118.65.34:443
217.128.117.218:2222
47.22.148.6:443
50.82.55.69:443
75.136.40.155:443
82.76.47.211:443
68.186.192.69:443
71.187.170.235:443
2.50.244.155:443
80.14.209.42:2222
196.204.207.111:443
78.132.115.83:6881
180.233.150.134:443
185.163.221.77:2222
41.206.131.166:443
149.28.99.97:2222
149.28.99.97:443
149.28.99.97:995
117.199.12.148:443
83.110.12.0:2222
2.50.110.49:2078
93.86.252.177:995
79.113.242.120:443
68.174.15.223:443
94.52.160.116:443
41.205.16.176:443
84.117.176.32:443
217.133.54.140:32100
185.105.131.233:443
87.27.110.90:2222
77.159.149.74:443
105.101.88.222:443
185.246.9.69:995
188.25.24.21:2222
2.90.127.64:443
86.97.191.98:2222
31.5.168.31:443
41.225.13.128:8443
24.205.42.241:443
41.97.173.199:443
105.198.236.101:443
190.220.8.10:995
197.161.154.132:443
24.90.129.73:443
120.150.34.178:443
122.60.99.107:443
27.223.92.142:995
96.41.93.96:443
109.209.94.165:2222
189.231.189.64:443
58.179.21.147:995
2.51.153.24:443
149.135.101.20:443
74.135.122.35:443
82.127.125.209:22
96.21.251.127:2222
98.116.20.194:443
39.32.61.193:995
173.173.1.164:443
109.205.204.229:2222
78.96.199.79:443
73.136.242.114:443
198.2.35.226:2222
156.205.170.226:995
117.197.231.67:443
41.227.93.43:443
89.136.39.108:443
207.246.70.216:443
45.32.165.134:443
45.32.162.253:443
140.82.27.132:443
37.106.36.31:995
45.63.104.123:443
63.155.67.114:995
96.30.198.161:443
95.179.247.224:443
188.27.32.167:443
108.31.15.10:995
81.88.254.62:443
184.66.18.83:443
73.55.254.225:443
184.98.97.227:995
216.215.77.18:2222
5.32.41.46:443
144.139.230.139:443
69.47.26.41:443
197.86.204.198:443
72.241.205.69:443
89.137.211.239:443
86.122.246.127:2222
197.47.160.202:995
24.137.76.62:995
86.248.30.56:2222
31.5.21.66:443
212.70.107.59:995
2.7.202.106:2222
72.36.59.46:2222
71.238.211.125:443
2.181.78.140:2222
81.97.154.100:443
47.44.217.98:443
Targets
-
-
Target
Vuu0hnOqjF.exe
-
Size
340KB
-
MD5
0a7ab9da9997bf3f75ec4549a9b9daf0
-
SHA1
d5ffba8afc0cccf2a3194c572db74605dd8879d3
-
SHA256
1a78aaf6aae3b9d9a32dc6c8cfe9182043f71a3d44e727464ab95a70fc24bbe8
-
SHA512
3f03bd23458e05469df1623e55a71b6bdad1c7a9af2bf8e7f8750406bd17e759d8b1049ed1531aeee9da503fa86d692bc29ec1a94126be6ff20b647e2840ffbe
-
Executes dropped EXE
-
Deletes itself
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-