General
-
Target
file
-
Size
43KB
-
Sample
201208-nwn7fc2dss
-
MD5
596d8f44c22d0770acc34e6ae5ac1b62
-
SHA1
f007479e9ed2526a8c0f9d25251c0ea4a0568ca7
-
SHA256
7e927e013a901b90ef8f96af25e39d4fedc6ba6f64785a3e8290a4c2bd2c5d51
-
SHA512
964c5840b004283df7dd9c6fddb8a9ca88508d1acf798cd33b24f5f438fda6cf5508bc34972cf07c8eb5f9110cbc624d3848e839a2688829a4ddace8f33b92c4
Static task
static1
Behavioral task
behavioral1
Sample
file.xls
Resource
win7v20201028
Behavioral task
behavioral2
Sample
file.xls
Resource
win10v20201028
Malware Config
Extracted
qakbot
abc108m
1607356318
92.59.35.196:2083
2.89.122.180:995
78.181.19.134:443
5.193.175.76:2078
24.139.72.117:443
62.38.114.12:2222
2.51.240.250:995
174.62.13.151:443
189.210.115.207:443
71.197.126.250:443
187.7.236.197:995
187.149.126.53:443
96.247.180.108:443
174.55.197.4:443
187.190.250.175:443
24.206.4.203:2222
72.36.11.22:443
197.135.240.243:443
216.137.142.200:2222
160.3.184.253:443
186.189.208.238:443
84.232.252.202:2222
106.51.85.162:443
120.151.95.167:443
74.124.191.6:443
108.46.145.30:443
75.136.40.155:443
184.21.136.237:995
68.186.192.69:443
185.105.131.233:443
185.138.134.114:443
24.43.22.220:993
187.192.151.3:443
94.69.242.254:2222
141.193.83.107:443
187.213.105.132:995
93.113.177.152:443
151.27.88.197:443
97.69.160.4:2222
77.30.79.74:443
172.87.134.226:443
94.52.160.116:443
161.199.180.159:443
87.27.110.90:2222
86.162.13.35:2222
67.82.244.199:2222
185.163.221.77:2222
94.59.236.155:995
84.117.176.32:443
71.182.142.63:443
196.151.252.84:443
67.177.196.177:0
197.51.82.115:995
72.240.200.181:2222
105.198.236.101:443
81.214.126.173:2222
67.237.68.126:2222
185.125.151.138:443
197.45.110.165:995
149.28.101.90:443
73.32.115.251:443
196.204.207.111:443
109.115.125.81:50000
185.246.9.69:995
78.96.199.79:443
172.87.157.235:3389
72.36.59.46:2222
47.146.34.236:443
24.27.82.216:2222
24.95.61.62:443
73.55.254.225:443
24.179.13.119:443
32.212.117.188:443
87.218.53.206:2222
63.155.29.193:995
71.163.223.144:443
184.97.145.239:443
176.45.218.26:995
24.201.61.153:2078
151.33.226.156:443
78.101.158.1:61201
173.18.126.193:2222
90.101.62.189:2222
65.131.41.96:995
178.87.18.221:443
99.244.210.10:443
83.202.68.220:2222
80.195.103.146:2222
180.233.150.134:443
96.225.88.23:443
96.41.93.96:443
110.142.205.182:443
41.228.242.14:443
37.106.7.7:443
47.44.217.98:443
174.87.65.179:443
202.185.199.172:443
85.204.189.105:443
90.53.103.229:2222
86.122.248.164:2222
86.99.134.235:2222
164.155.230.98:443
208.99.100.129:443
216.201.162.158:443
193.83.25.177:995
80.106.85.24:2222
24.178.196.158:443
109.154.193.21:2222
172.78.30.215:443
67.141.11.98:443
80.14.22.234:2222
73.51.245.231:995
37.116.152.122:2078
96.40.175.33:443
2.90.124.155:995
70.45.219.126:443
193.248.154.174:2222
162.157.19.33:2222
189.252.62.238:995
109.205.204.229:2222
37.210.255.225:8443
78.132.96.100:6881
5.15.54.40:443
208.93.202.41:443
120.150.218.241:995
41.39.134.183:443
120.150.218.241:443
116.240.78.45:995
184.179.14.130:22
109.209.94.165:2222
109.93.245.93:995
199.116.241.147:443
83.114.243.80:2222
82.12.157.95:995
2.50.56.81:443
47.21.192.182:2222
78.97.207.104:443
98.240.24.57:443
77.211.30.202:995
184.98.97.227:995
79.113.119.125:443
93.146.133.102:2222
174.76.21.134:443
190.85.91.154:443
85.132.36.111:2222
96.21.251.127:2222
58.179.21.147:995
98.124.76.187:443
86.121.3.80:443
78.97.110.47:443
Targets
-
-
Target
file
-
Size
43KB
-
MD5
596d8f44c22d0770acc34e6ae5ac1b62
-
SHA1
f007479e9ed2526a8c0f9d25251c0ea4a0568ca7
-
SHA256
7e927e013a901b90ef8f96af25e39d4fedc6ba6f64785a3e8290a4c2bd2c5d51
-
SHA512
964c5840b004283df7dd9c6fddb8a9ca88508d1acf798cd33b24f5f438fda6cf5508bc34972cf07c8eb5f9110cbc624d3848e839a2688829a4ddace8f33b92c4
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Loads dropped DLL
-
Process spawned suspicious child process
This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
-