General
-
Target
Document_1028174287-Copy.xls
-
Size
54KB
-
Sample
201214-amarewlhk2
-
MD5
08037f2bf6b8fe9ae8c245903af45729
-
SHA1
2836aa101a02a284c6df9ed17bd092f25c34f80f
-
SHA256
586bd4e1f5f41569b260ce6cc6b5243bee2209c35915d1a3050cf4196c6133eb
-
SHA512
2e0ffec3933f66b623e2eded690497115f251036d282dc915721b61175164eeb0573a1c4706b1f84453c9286ff1b8c3f7a1756fdd41d532dcf8e9dc24c22dc1e
Static task
static1
Behavioral task
behavioral1
Sample
Document_1028174287-Copy.xls
Resource
win7v20201028
Malware Config
Extracted
qakbot
abc112
1607942962
66.26.160.37:443
84.78.128.76:2222
45.250.69.150:443
108.31.15.10:995
50.244.112.10:995
47.146.34.236:443
24.95.61.62:443
31.5.21.66:995
59.99.37.134:443
79.115.134.161:443
39.57.127.126:995
120.151.95.167:443
47.44.217.98:443
32.212.117.188:443
37.21.231.245:995
184.97.145.239:443
86.121.3.80:443
83.110.97.149:443
83.194.193.247:2222
78.101.158.1:61201
105.198.236.101:443
80.106.85.24:2222
35.134.202.234:443
189.62.175.92:22
2.89.122.157:443
72.66.47.70:443
79.166.96.86:2222
85.186.122.190:443
35.139.242.207:443
45.77.115.208:443
94.52.160.116:443
83.110.109.78:2222
78.187.125.116:2222
5.204.148.208:995
51.235.149.29:443
86.121.43.200:443
89.137.211.239:995
105.184.50.206:443
188.54.137.91:995
80.14.22.234:2222
82.76.47.211:443
39.62.9.240:443
37.107.76.36:995
78.63.226.32:443
5.15.109.245:443
2.49.219.254:22
89.137.77.237:443
77.27.174.49:995
149.135.101.20:443
87.238.133.190:995
58.179.21.147:995
207.255.18.67:443
109.242.141.177:995
111.95.212.237:2222
122.148.156.131:995
76.167.240.21:443
103.102.100.78:2222
85.105.29.218:443
84.232.252.202:2222
109.205.204.229:2222
197.161.154.132:443
103.110.6.151:2087
80.195.103.146:2222
198.2.35.226:2222
191.84.8.167:443
86.121.41.112:443
92.154.83.96:1194
156.222.8.50:995
161.142.217.62:443
66.25.168.167:2222
200.44.237.189:2222
219.76.148.249:443
149.28.101.90:2222
149.28.99.97:995
144.202.38.185:995
45.63.107.192:995
149.28.101.90:995
149.28.98.196:443
144.202.38.185:443
45.63.107.192:443
149.28.99.97:2222
149.28.98.196:995
144.202.38.185:2222
149.28.99.97:443
85.132.36.111:2222
45.63.107.192:2222
45.118.216.157:443
149.28.98.196:2222
154.238.37.26:995
156.213.217.254:443
116.240.78.45:995
45.118.65.34:443
160.3.184.253:443
197.82.221.199:443
174.62.13.151:443
41.39.134.183:443
79.129.252.62:2222
2.50.2.216:443
102.187.59.94:443
85.101.187.146:443
51.223.138.251:443
71.117.132.169:443
217.162.149.212:443
140.82.49.12:443
90.201.21.58:443
81.214.126.173:2222
2.50.88.125:995
84.117.176.32:443
117.215.228.237:443
78.181.19.134:443
92.154.83.96:2078
2.50.2.146:995
182.161.6.57:3389
47.22.148.6:995
86.245.82.249:2078
92.154.83.96:2087
24.179.13.119:443
125.63.101.62:443
216.201.162.158:443
2.51.240.250:995
151.60.38.21:443
185.163.221.77:2222
205.178.7.90:443
102.185.13.89:443
31.5.174.173:443
189.183.209.65:443
96.241.66.126:443
82.12.157.95:995
92.59.35.196:2083
151.73.121.136:443
93.148.241.179:2222
78.96.199.79:443
105.198.236.99:443
78.97.3.6:443
197.49.240.8:995
79.113.119.125:443
134.228.24.29:443
46.53.0.32:443
200.38.254.177:443
178.191.126.94:465
2.50.57.224:443
184.98.97.227:995
80.11.5.65:2222
203.106.195.67:443
203.106.116.190:443
96.225.88.23:443
110.142.205.182:443
2.50.49.18:443
41.228.245.41:443
211.24.72.253:443
Targets
-
-
Target
Document_1028174287-Copy.xls
-
Size
54KB
-
MD5
08037f2bf6b8fe9ae8c245903af45729
-
SHA1
2836aa101a02a284c6df9ed17bd092f25c34f80f
-
SHA256
586bd4e1f5f41569b260ce6cc6b5243bee2209c35915d1a3050cf4196c6133eb
-
SHA512
2e0ffec3933f66b623e2eded690497115f251036d282dc915721b61175164eeb0573a1c4706b1f84453c9286ff1b8c3f7a1756fdd41d532dcf8e9dc24c22dc1e
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Loads dropped DLL
-