Overview (overview): 10
Static (static)
Accounting.lnk (windows7-x64): 3
Accounting.lnk (windows10-2004-x64): 3
maliciousl...na.dll (windows7-x64): 10
maliciousl...na.dll (windows10-2004-x64): 10
maliciousl...ss.cmd (windows7-x64): 1
maliciousl...ss.cmd (windows10-2004-x64): 1
maliciousl...tor.js (windows7-x64): 3
maliciousl...tor.js (windows10-2004-x64): 1
General
Target: Accounting#1737.iso
Size: 1.4MB
Sample: 220927-vnjfbsfagp
MD5: e085d7155cf7d71497c5d805a2ef4e74
SHA1: e9e10cd172e6b393e45485872e43ceaa072537aa
SHA256: 199e0fe45d95b255e25cfefd21f9689396bb925493cbccc3951c1c2414fe8e31
SHA512: 22f1b97544efb7d0baee67a0ea857fd5dbe661617f100014479f63c42d9d03098935a62be391511e2f7f0a5230c968c99b247d152d6e63dba5a0112ec6bf5b1b
SSDEEP: 24576:CVPl57rJCnz6zTz+qAl5w9MAqsdjcMGz:ChtOqPHcM
Static task: static1
Behavioral task: behavioral1, Sample: Accounting.lnk, Resource: win7-20220812-en
Behavioral task: behavioral2, Sample: Accounting.lnk, Resource: win10v2004-20220901-en
Behavioral task: behavioral3, Sample: maliciously/argentina.dll, Resource: win7-20220812-en
Behavioral task: behavioral4, Sample: maliciously/argentina.dll, Resource: win10v2004-20220812-en
Behavioral task: behavioral5, Sample: maliciously/massifsTorturousness.cmd, Resource: win7-20220812-en
Behavioral task: behavioral6, Sample: maliciously/massifsTorturousness.cmd, Resource: win10v2004-20220812-en
Behavioral task: behavioral7, Sample: maliciously/undercutTestator.js, Resource: win7-20220901-en
Behavioral task: behavioral8, Sample: maliciously/undercutTestator.js, Resource: win10v2004-20220812-en
Malware Config
Extracted
qakbot
403.895
BB
1664292185
salt: SoNuce]ugdiB3c[doMuce2s81*uXmcvP
Targets
Target: Accounting.lnk
Size: 1KB
MD5: 040f242254de5cfd7c22f94f63cdd279
SHA1: 0af3db040791ff5c2084b7588aaa7c0c4c40f338
SHA256: b5e6cb534363ee26bb64ecc1b0523803912fc84280df3cbeedfadd10773235c9
SHA512: c255b507efc169d98f858f86ef0d4c3ab88dd440143d857321da0aec849f4c937dc8719f5749443a0b7887c653a1ccee715b27ba91dc7c2b2dc61a414ab0509f
Score: 3/10
Target: maliciously/argentina.db
Size: 1.1MB
MD5: f533e6c66d8a458c97c2bd408757d481
SHA1: 1e75151f247c76c7de272d20138aadb921323fba
SHA256: b7e432ebcbff1842f6639e6cc8ba2cca6a7ebe6374d40fda88b9de0fa920b225
SHA512: 05bff106715af50eda60e2f9fe5347b6585ab53830d7bd7fb1a08820d87324cff770fd9e07f2d1273f2a461748a84a262f2060332a8961456e672c983aebbc62
SSDEEP: 12288:hTNDT7Pi5+57H2VR2J4bi4XXkM6ZlPK9912W0TFz+L2AUn0jggyi5UT+QD1lNMAL:ZVPl57rJCnz6zTz+qAl5w9MA
Target: maliciously/massifsTorturousness.cmd
Size: 50B
MD5: 7c5b9dc6fed6c8ff6db8cf954170de13
SHA1: bf647b4deb62a30ded339a1bd2a278a582aa956a
SHA256: f5215cb6dbd3f10e382f600ab31eb94cf41cda7b3649197e865b52674a94ab5d
SHA512: 5ef894f3d412f3f44cab2da4f71c492a19e8f3b7425da8596a91b85f445f6597b958bf0232bce1150cef31146fb5977e03983b4b58dbfcbf6115c2cb5644caa3
Score: 1/10
Target: maliciously/undercutTestator.js
Size: 228B
MD5: 03784779bbbe57ebaaf7e4fcb29e9f36
SHA1: 18a73861dcd63f3a20570bff0abb35cc71fe9e25
SHA256: 61e0c6effda57ebed69e34c07ab2330cd312529aa498683503486347d53d2bae
SHA512: da8414cd28fec47e2471e96ec96059ad2dd1961644436592d575dcb2853502a9b0381636bcc9d6193ac2e68e7aaa84e40514aee7398c17b4b1e035a1373f0d1f
Score: 3/10