General
Target: eeb4645f23f84d8aece99cb4bdb32f735e69582e5f84c451d87d1e2e21d1a5fa
Size: 502KB
Sample: 220201-c9vrdafefp
MD5: 98ae6e7fbcd391e42a2a36b7bd53f99e
SHA1: 9bf453f13814727bb17a3fe2e33de9886c059135
SHA256: eeb4645f23f84d8aece99cb4bdb32f735e69582e5f84c451d87d1e2e21d1a5fa
SHA512: ff23798583f689fc0a94409ef9fa87447e26f39570a32df2c02cb390ef2828269f9b6bf2a46fb0a8a0f809344d2955a0143ce3776d852282ab8c85b385e4f89e
Static task: static1
Behavioral task: behavioral1
  Sample: eeb4645f23f84d8aece99cb4bdb32f735e69582e5f84c451d87d1e2e21d1a5fa.exe
  Resource: win7-en-20211208
Behavioral task: behavioral2
  Sample: eeb4645f23f84d8aece99cb4bdb32f735e69582e5f84c451d87d1e2e21d1a5fa.exe
  Resource: win10v2004-en-20220112
Malware Config
Extracted
qakbot
322.731
hhh07
1552409511
Targets
Sets service image path in registry
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Suspicious use of SetThreadContext