General
-
Target
Correos Maliciosos.rar
-
Size
190KB
-
Sample
210219-f99slwglyx
-
MD5
fbdfc897b5020fe93a8ce14854ee915f
-
SHA1
6d6c47c9fc20ca6f04b73a9468d6c9275cadae7e
-
SHA256
a7fcf4db18ca60e8cf3db3a2c3e1525e4cf4f2dbee71e24eeb454e95af2d28cb
-
SHA512
2efa64876d660b3e196235d735e007c70edc6ea00afb996657555a2bc33f7ee9f00d50a7ad51c21e33192ad4a3306123dc8c2a59f832044d17c891b81c4b8a8d
Behavioral task
behavioral1
Sample
document-1550330529.xls
Resource
win7v20201028
Behavioral task
behavioral2
Sample
document-1550330529.xls
Resource
win10v20201028
Behavioral task
behavioral3
Sample
document-910135933.xls
Resource
win7v20201028
Behavioral task
behavioral4
Sample
document-910135933.xls
Resource
win10v20201028
Behavioral task
behavioral5
Sample
document-352528369.xls
Resource
win7v20201028
Behavioral task
behavioral6
Sample
document-352528369.xls
Resource
win10v20201028
Malware Config
Extracted
https://ishikapress.com/ds/1802.gif
Extracted
qakbot
tr
1613385567
78.63.226.32:443
197.51.82.72:443
193.248.221.184:2222
95.77.223.148:443
71.199.192.62:443
77.211.30.202:995
80.227.5.69:443
77.27.204.204:995
81.97.154.100:443
173.184.119.153:995
38.92.225.121:443
81.150.181.168:2222
90.65.236.181:2222
83.110.103.152:443
73.153.211.227:443
188.25.63.105:443
89.137.211.239:995
202.188.138.162:443
98.173.34.212:995
87.202.87.210:2222
195.12.154.8:443
47.217.24.69:6881
182.48.193.200:443
108.160.123.244:443
96.57.188.174:2222
45.118.216.157:443
84.72.35.226:443
172.115.177.204:2222
86.236.77.68:2222
82.127.125.209:990
176.181.247.197:443
97.69.160.4:2222
90.101.117.122:2222
189.223.201.91:443
140.82.49.12:443
2.7.69.217:2222
83.110.12.140:2222
85.132.36.111:2222
197.45.110.165:995
149.28.99.97:995
45.63.107.192:2222
149.28.98.196:2222
149.28.99.97:2222
144.202.38.185:443
149.28.99.97:443
45.63.107.192:443
45.63.107.192:995
144.202.38.185:2222
149.28.101.90:995
149.28.101.90:2222
149.28.101.90:8443
45.32.211.207:8443
149.28.98.196:995
149.28.98.196:443
45.32.211.207:995
149.28.101.90:443
207.246.77.75:443
45.77.115.208:8443
207.246.77.75:995
207.246.77.75:2222
45.32.211.207:2222
45.32.211.207:443
45.77.115.208:995
144.202.38.185:995
45.77.115.208:2222
207.246.116.237:8443
207.246.116.237:2222
207.246.77.75:8443
207.246.116.237:995
207.246.116.237:443
45.77.117.108:443
45.77.117.108:995
45.77.117.108:8443
45.77.117.108:2222
45.77.115.208:443
89.3.198.238:443
2.232.253.79:995
73.25.124.140:2222
136.232.34.70:443
157.131.108.180:443
217.133.54.140:32100
195.43.173.70:443
86.98.93.124:2078
176.205.222.30:2078
105.96.8.96:443
50.29.166.232:995
27.223.92.142:995
119.153.62.76:3389
47.187.115.228:443
67.6.12.4:443
65.27.228.247:443
23.240.70.80:995
216.201.162.158:443
139.216.137.189:995
64.121.114.87:443
79.129.121.81:995
172.87.157.235:3389
75.118.1.141:443
75.136.26.147:443
96.250.60.138:443
50.244.112.106:443
115.133.243.6:443
47.196.192.184:443
45.46.53.140:2222
105.198.236.101:443
144.139.166.18:443
196.151.252.84:443
71.197.126.250:443
196.221.207.137:995
71.117.132.169:443
74.68.144.202:443
76.25.142.196:443
98.240.24.57:443
144.139.47.206:443
86.245.46.27:2222
173.21.10.71:2222
78.97.207.104:443
86.220.60.133:2222
69.245.102.225:443
94.53.92.42:443
71.74.12.34:443
84.247.55.190:8443
173.25.45.66:443
46.153.55.149:995
78.22.58.205:3389
105.198.236.99:443
24.152.219.253:995
82.76.47.211:443
189.223.234.23:995
96.37.113.36:993
47.187.74.181:443
50.25.89.74:443
174.104.31.209:443
199.19.117.131:443
201.143.235.13:443
189.146.183.105:443
181.48.190.78:443
189.223.97.175:443
47.22.148.6:443
173.70.165.101:995
74.222.204.82:995
75.67.192.125:443
32.210.98.6:443
106.51.52.111:443
59.90.246.200:443
70.49.88.199:2222
186.28.51.27:443
98.252.118.134:443
209.210.187.52:995
189.210.115.207:443
Extracted
https://mygrandmomskitchen.com/ds/1802.gif
Extracted
https://casadodestino.com/ds/1802.gif
Targets
-
-
Target
document-1550330529.xls
-
Size
88KB
-
MD5
f702f05f75fbde10384efefbdb305592
-
SHA1
54865fdf009d216932a0eaa2ed053a39f49dcc29
-
SHA256
35d1ccc69c4367606be744c74d09b9a39ec8b3b44d562f25fed272f22815ad9f
-
SHA512
b755744f84fa5d374abda9f465f084101912ee9af7b7241ba7a9af61e0b06aa26b4dc1e5a9985f9bed0b1283df6ae44e9dab5c42a3a5751a14364501fc7ba7d0
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Loads dropped DLL
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
document-910135933.xls
-
Size
88KB
-
MD5
814282f1d7fd479acd82713add78e6c6
-
SHA1
0a8b3f73bad2b6c0ec9b5baf348d1734f809f4ab
-
SHA256
76aa36a044f5bce1d9bed46da22c92670ed558caf67745e5c1fa351710e8bb1d
-
SHA512
8994cb14a450b2ca9b03af6f8c698e38d4e5cfe88246b9d996dc25fc570e3c3a6e7102ad7e30e07f50f68d344b58a43a1bb82a73ff015ccd7bd5b64aa94a1e00
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
-
-
Target
document-352528369.xls
-
Size
88KB
-
MD5
bc2c7b5000c97d90fb90ca2ee4b42484
-
SHA1
7c70c29f8454d23690c4a305c35da5939b2f21da
-
SHA256
559fd631dce1aaf66ea3ba6590a583c749c92fc95c5eb2e10ef8eeb1ef9f27a0
-
SHA512
86083eb10ad4cf01fcc556920b4e7cb94741f970d52640977a78efec5ce9f073a4a6acf8303acec42356ec141e6d6f35304b1b14c6daab3c75551b800667bc53
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-