Overview
Score 10/10

Tasks (score per task)
Static: no score
Cancellation.lnk (windows7-x64): 10
Cancellation.lnk (windows10-2004-x64): 10
inexhausti...ic.dll (windows7-x64): 10
inexhausti...ic.dll (windows10-2004-x64): 10
inexhausti...es.cmd (windows7-x64): 1
inexhausti...es.cmd (windows10-2004-x64): 1
inexhausti...ss.jpg (windows7-x64): 3
inexhausti...ss.jpg (windows10-2004-x64): 3

General
-
Target
722752f2-1833-4ad1-925b-83dd054aa45d.zip
-
Size
467KB
-
Sample
221027-haxpksbcfm
-
MD5
af3f07d3b3cdf15fb6347556fe8792c0
-
SHA1
3dc414dc7aa383f85e3a859f4346667c61b959bb
-
SHA256
593c20dcf865d6b55cf7404869c92202071cb4d2972dc2784f96ff2730b59745
-
SHA512
6543e5a64fc763621793d69ff84e7e42537f01886fcc438ae29b0c907c3eee275b24611734b0cffac3251928b122fab3d5c74798fc9c5baf3031e75e946fd7e3
-
SSDEEP
12288:yZiYBwxjV/Z2W2norU30BfkMA5ubRECvGCV3QEz:ZWcjdcOEvMAgRECv31
Static task
static1
Behavioral task
behavioral1
Sample
Cancellation.lnk
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
Cancellation.lnk
Resource
win10v2004-20220812-en
Behavioral task
behavioral3
Sample
inexhaustive/cinematic.dll
Resource
win7-20220812-en
Behavioral task
behavioral4
Sample
inexhaustive/cinematic.dll
Resource
win10v2004-20220812-en
Behavioral task
behavioral5
Sample
inexhaustive/mottles.cmd
Resource
win7-20220901-en
Behavioral task
behavioral6
Sample
inexhaustive/mottles.cmd
Resource
win10v2004-20220812-en
Behavioral task
behavioral7
Sample
inexhaustive/waviness.jpg
Resource
win7-20220812-en
Behavioral task
behavioral8
Sample
inexhaustive/waviness.jpg
Resource
win10v2004-20220812-en
Malware Config
Extracted
-
Family
qakbot
-
Version
403.1051
-
Botnet
obama217
-
Campaign
1666765529
-
C2
197.204.53.242:443
105.106.60.149:443
102.159.110.79:995
64.207.237.118:443
156.216.134.70:995
180.151.116.67:443
190.199.97.108:993
206.1.203.0:443
186.188.96.197:443
206.1.128.203:443
201.249.100.208:995
190.75.151.66:2222
198.2.51.242:993
90.165.109.4:2222
71.199.168.185:443
181.56.171.3:995
43.241.159.148:443
41.103.1.16:443
24.207.97.117:443
105.157.86.118:443
201.223.169.238:32100
47.14.229.4:443
70.60.142.214:2222
41.47.249.185:443
142.181.183.42:2222
41.62.165.152:443
41.97.205.96:443
41.97.14.60:443
151.213.183.141:995
75.84.234.68:443
186.18.210.16:443
41.96.204.196:443
64.123.103.123:443
186.48.174.77:995
152.170.17.136:443
160.176.151.70:995
78.179.135.247:443
191.33.187.192:2222
41.140.63.187:443
98.207.190.55:443
196.65.217.253:995
78.50.124.220:443
91.171.72.214:32100
186.154.189.162:995
101.109.44.197:995
97.92.4.205:8443
41.36.159.36:993
70.115.104.126:443
181.44.34.172:443
88.240.75.201:443
113.162.196.232:443
156.197.230.148:995
24.130.228.100:443
41.109.228.108:995
24.177.111.153:443
60.54.65.27:443
189.129.38.158:2222
190.203.51.133:2222
96.46.230.10:443
222.117.141.133:443
190.207.137.189:2222
208.78.220.120:443
105.108.133.151:443
41.104.155.245:443
65.140.11.170:443
184.159.76.47:443
105.98.223.169:443
190.201.145.155:443
197.0.225.39:443
41.101.193.38:443
105.155.151.29:995
196.207.146.151:443
190.37.112.223:2222
14.54.83.15:443
93.156.96.171:443
58.186.75.42:443
189.110.3.60:2222
186.18.77.99:443
41.107.78.169:443
149.126.159.224:443
156.196.169.222:443
190.100.149.122:995
1.0.215.176:443
202.5.53.143:443
206.1.199.156:2087
102.156.162.83:443
220.134.54.185:2222
88.132.109.147:443
190.29.228.61:443
41.101.183.90:443
94.36.5.31:443
102.184.30.42:443
102.187.63.127:995
190.33.87.140:443
187.198.16.39:443
62.46.231.64:443
42.116.54.220:443
197.244.142.102:443
190.203.106.109:2222
200.155.61.245:995
-
salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP
Targets
-
-
Target
Cancellation.lnk
-
Size
1KB
-
MD5
cfea0776b9ffc000adbcc6512b1be19a
-
SHA1
89287d1b8ef4a921748135f6dddbc9c777482202
-
SHA256
d3604a839f8c26970f4b61d25a5a01cc5fce2a4ccb51d4a2f6e5bc0dca2b3078
-
SHA512
5ed6e623e1e55c2f587c5f8571ca8c94405961825d947c0de75524875ac5eb620039176403710042987656764db033eee215fdc2a927d6b816733f4e68535c15
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
-
-
Target
inexhaustive/cinematic.dat
-
Size
420KB
-
MD5
68db6a42f0cd24b06b6b85fcc2e920a1
-
SHA1
c0b49c892a763963a013e9486d4386cbc459060f
-
SHA256
f57de92e2e651e8a0b41a620acce35afa554e285109f1c7c93b5639cec9c4f34
-
SHA512
78cf7b054f4482e53ba8ec2075604a557074cb995b5edcee2775d098689201010f3a103b73d51e2dbf3c0a6ea5e20f40f57862c0b03a4e31ff1513b303d28c77
-
SSDEEP
6144:5MVSKlGqB/JXPX+c9BLrgq/6qot7FZyRxJt2gRxhYU1sNmcvVR2l2HM+LJUaoF2:OVPlBJXWcnkq/GNU1E1T5Hb1
-
-
-
Target
inexhaustive/mottles.cmd
-
Size
321B
-
MD5
ded7bcd564459b933ad14e27226a2a29
-
SHA1
a2f761854b03011477299b3d821761d1913652fb
-
SHA256
8af455118b84ec4b48fc339da44bb2f7a6d2f42c08484ae49ea4b312e8142064
-
SHA512
43350be218295966525d161aad64a1c18d2f51db9c386eb26ea1a28bbb4b93d73abf5a8cd2f9f3e9fa73e7b51718e8faa2b9e12aaab503aa9575f7c37233a3a8
Score 1/10
-
-
-
Target
inexhaustive/waviness.jpg
-
Size
61KB
-
MD5
980e8d60a93e3fa912d4daffea779480
-
SHA1
b329eb8d42f798dcdd216d32654d90a3dc48385a
-
SHA256
98d87b782bf26c21c0c8ad62e402d0475e1f22fba96f02453d994b643b5be174
-
SHA512
a34bdd17ede8f6cc0701bae9064832e095e768a7ecf652218539de666d4443720585af57a55507bf9a6878d0752a6803980c0dc1741d7b2b079bd94da3e0b051
-
SSDEEP
1536:222UdBqBD/jJ+d7naXHqmljv86xsqeyB9mPg6gopzGIAF:n2UdBqBTtqGqiQ6xss3mPbgoJ8F
Score 3/10
-