Overview: score 10/10
Static: static
Contract.lnk (windows7-x64): score 3/10
Contract.lnk (windows10-2004-x64): score 3/10
unbelt/fifty.dll (windows7-x64): score 10/10
unbelt/fifty.dll (windows10-2004-x64): score 10/10
unbelt/pre...ing.js (windows7-x64): score 3/10
unbelt/pre...ing.js (windows10-2004-x64): score 1/10
unbelt/tic...ly.cmd (windows7-x64): score 1/10
unbelt/tic...ly.cmd (windows10-2004-x64): score 1/10
General
Target
Contract#4299.iso
Size
1.1MB
Sample
220926-n6erjaafh3
MD5
0b6923383126a55a7d6f66dbc19c13e2
SHA1
16cf9eb8170858b14c81023c1c4409153a3041d5
SHA256
6f2ad3cbf94e38717fb4becdfe7bdeded42ef777879a55b596ae53d9442975be
SHA512
35e31867a5958fd153c12d8a48c4b6e73e8da769b73911c16e6750f03be9127d13ad8ec40410b5b12cd8a69782ae9dae87839f7bbef71c89ef77c3e3c74495ef
SSDEEP
12288:d39yPbTonKByskGoWHwa0nZXKlhb/H9TT+iTojfQCA3kptT68JtQzB5UT+QD1lNm:d39yPbToxnEjYNAeh4X668Jc5w9M+a
Static task
static1
Behavioral task
behavioral1
Sample
Contract.lnk
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
Contract.lnk
Resource
win10v2004-20220812-en
Behavioral task
behavioral3
Sample
unbelt/fifty.dll
Resource
win7-20220812-en
Behavioral task
behavioral4
Sample
unbelt/fifty.dll
Resource
win10v2004-20220901-en
Behavioral task
behavioral5
Sample
unbelt/pressurizingFollowing.js
Resource
win7-20220812-en
Behavioral task
behavioral6
Sample
unbelt/pressurizingFollowing.js
Resource
win10v2004-20220812-en
Behavioral task
behavioral7
Sample
unbelt/ticklingClinically.cmd
Resource
win7-20220901-en
Behavioral task
behavioral8
Sample
unbelt/ticklingClinically.cmd
Resource
win10v2004-20220812-en
Malware Config
Extracted
qakbot
403.895
BB
1663774884
salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP
Targets
Target
Contract.lnk
Size
1KB
MD5
f3e825cec397bb04069f39ae8819d8c3
SHA1
6ddb23f253d793ddd8941576788233115b6b47df
SHA256
aa71ba24c476c5d51ddd54df09f3309ee767b1892b93ca4f035b43b8ef7dba7d
SHA512
9fb73edc4c609366cb1bbfe0a1fc3455d882275e3c78d7801f11ec9efdc4fc4f8b1854915dec3ce163b1a8d0d9ae3ce006e004001ca7d0ecb2d9bd7b9ebf9fa5
Score 3/10
Target
unbelt/fifty.db
Size
849KB
MD5
747a50a101b528a155c8095f1aef0230
SHA1
7a8c734481c95117009c57c8c81e077a2a5c5d96
SHA256
01fd6e0c8393a5f4112ea19a26bedffb31d6a01f4d3fe5721ca20f479766208f
SHA512
d5da3700be5c84bcb3bd3700f48d021c4fae0b0c64e8cc8fdf06d8094a4d3a497acf2fafcc05b0f6dbfa2e3e7be6d0b62c08f0328808837791ec586b7a690582
SSDEEP
12288:VByskGoWHwa0nZXKlhb/H9TT+iTojfQCA3kptT68JtQzB5UT+QD1lNMAFa:SnEjYNAeh4X668Jc5w9M+a
Target
unbelt/pressurizingFollowing.js
Size
178B
MD5
0788ccab7dbd4bc1255203bcb92b5294
SHA1
47f0435e24c52ac8977be616970fe5b34491e7cf
SHA256
94259efd6a495de885df659739dc28267997983db1bb851b01178f0b2db4e254
SHA512
31bb50b028d72c47dae0dc9e91c1a05eb72d20e0b3346901c352555298b3df6180d2484c34b80294121055d633733d4e58bae774b1d32463cb54eb99cab1365a
Score 3/10
Target
unbelt/ticklingClinically.cmd
Size
159B
MD5
5f63ecfa2af794cf8260c8768b1af01d
SHA1
0e404fdc2a2e8d9704466d0df90e557b2872c1c3
SHA256
edd410a471305ee263effa17653c161253e2984bbf7df6cd4f1dd18316ce50b3
SHA512
c25ebf2797bbe31041efd43e434a1a19b42c92055015f2d99285e9741c771db3b4c271351ae06f682264afe991daddbb10ab9198c58351cb2e68181f02d7f2d2
Score 1/10