General

Target: document-76992.iso
Size: 926KB
Sample: 221101-xrle7secg5
MD5: ad84f36ef9b66757505423b5b393da6a
SHA1: 3b67f1e6f20ba4dac2fa65530bed61d71997b5d5
SHA256: 6e786f6d3be969f0034576dbbe865bb396c03494a7399123a9c82c429563724d
SHA512: 7de464d6ff55a77ecd7fefe5048e4f872d4ed31f4b7e0775c82ee1043b701e02579fca35f2902c28b32e211380d5e6e9f42544f501d31fc226dbefb4240be529
SSDEEP: 12288:Pkpde329VEdv++607q6YP4uo7N9SIegv8JowUShUPw0bcbA4k7pvLCmii4:Pudy29ChzEoaQ0Uw1bdSFOI4
Tasks

Static task: static1
Behavioral task behavioral1: documents-5914.lnk on win7-20220812-en
Behavioral task behavioral2: documents-5914.lnk on win10v2004-20220901-en
Behavioral task behavioral3: templates117.dll on win7-20220812-en
Behavioral task behavioral4: templates117.dll on win10v2004-20220812-en
Behavioral task behavioral5: untunnelled.cmd on win7-20220812-en
Behavioral task behavioral6: untunnelled.cmd on win10v2004-20220901-en
Malware Config

Extracted: qakbot
Version: 404.20
Botnet/campaign ID: BB05
Campaign timestamp: 1667294768 (Unix epoch, 2022-11-01 09:26:08 UTC; matches the date in the sample ID 221101-xrle7secg5)
C2 list (29 endpoints, 28 unique IPs; 66.37.239.222 is listed on both 2078 and 995):
136.232.184.134:995
1.65.20.175:53249
187.0.1.154:63263
50.68.204.71:995
74.92.243.113:50000
1.149.126.159:57345
187.0.1.182:17093
123.3.240.16:995
76.68.34.167:2222
172.219.147.156:3389
94.49.5.116:443
187.0.1.181:14507
206.1.223.234:2087
187.0.1.186:18828
131.23.1.187:1
23.233.254.195:443
76.125.91.160:443
187.0.1.90:42349
70.51.139.148:2222
187.0.1.76:47526
151.213.183.141:995
187.0.1.45:9057
152.170.17.136:443
92.185.204.18:2078
187.0.1.47:3813
105.103.103.142:443
66.37.239.222:2078
41.141.112.224:443
66.37.239.222:995
Salt: SoNuce]ugdiB3c[doMuce2s81*uXmcvP
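The extracted config is easiest to act on once it is machine-readable. The following is an added example, not code from the report or from the sandbox that produced it: it parses the block exactly as printed above (copied in as constructed input), decodes the campaign timestamp, clusters the C2 endpoints by destination port and by /24, and emits one Suricata rule per endpoint. The field meanings (version, botnet ID, timestamp) follow the usual Qakbot config layout, since the report prints the values unlabelled; the sid range in the rules is a placeholder of mine.

```python
"""Parse the Qakbot config block a sandbox report prints into reviewable IOCs.
Added example, not code from the report. Field meanings (version, botnet ID,
campaign timestamp) follow the usual Qakbot layout; the report prints them unlabelled."""
from collections import Counter
from datetime import datetime, timezone
import ipaddress
import re

# Constructed input: the report's 'Malware Config / Extracted' block, verbatim.
REPORT_BLOCK = """\
qakbot
404.20
BB05
1667294768
136.232.184.134:995
1.65.20.175:53249
187.0.1.154:63263
50.68.204.71:995
74.92.243.113:50000
1.149.126.159:57345
187.0.1.182:17093
123.3.240.16:995
76.68.34.167:2222
172.219.147.156:3389
94.49.5.116:443
187.0.1.181:14507
206.1.223.234:2087
187.0.1.186:18828
131.23.1.187:1
23.233.254.195:443
76.125.91.160:443
187.0.1.90:42349
70.51.139.148:2222
187.0.1.76:47526
151.213.183.141:995
187.0.1.45:9057
152.170.17.136:443
92.185.204.18:2078
187.0.1.47:3813
105.103.103.142:443
66.37.239.222:2078
41.141.112.224:443
66.37.239.222:995
salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP
"""

C2_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})$")

def parse_config(text):
    """Order as printed: family, version, botnet ID, timestamp, the C2 list,
    then the literal line 'salt' followed by the salt value."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    family, version, botnet, timestamp = lines[:4]
    c2, salt, rest = [], None, iter(lines[4:])
    for ln in rest:
        m = C2_RE.match(ln)
        if m:
            ip, port = m.groups()
            ipaddress.ip_address(ip)  # raises on a malformed address
            c2.append((ip, int(port)))
        elif ln == "salt":
            salt = next(rest, None)
    return {"family": family, "version": version, "botnet": botnet,
            "timestamp": int(timestamp), "c2": c2, "salt": salt}

def build_time(epoch):
    """The campaign timestamp is a Unix epoch; it should agree with the sample ID date."""
    return datetime.fromtimestamp(epoch, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC")

def summarize(cfg):
    """Cluster the C2s by destination port and by /24. One IP can be listed on
    two ports, so endpoints and unique IPs are counted separately."""
    c2 = cfg["c2"]
    return {
        "endpoints": len(c2),
        "unique_ips": len({ip for ip, _ in c2}),
        "by_port": Counter(port for _, port in c2),
        "by_net24": Counter(str(ipaddress.ip_network(f"{ip}/24", strict=False)) for ip, _ in c2),
    }

def suricata_rules(cfg, sid_base=9000000):
    """One outbound rule per endpoint. sid_base is a placeholder (assumption);
    pick a range reserved for local rules."""
    return [
        f'alert tcp $HOME_NET any -> {ip} {port} '
        f'(msg:"{cfg["family"]} {cfg["botnet"]} C2 {ip}:{port}"; flow:to_server; '
        f'classtype:trojan-activity; sid:{sid_base + i}; rev:1;)'
        for i, (ip, port) in enumerate(cfg["c2"])
    ]

if __name__ == "__main__":
    cfg = parse_config(REPORT_BLOCK)
    s = summarize(cfg)
    print(cfg["family"], cfg["version"], cfg["botnet"], build_time(cfg["timestamp"]))
    print(s["endpoints"], "endpoints,", s["unique_ips"], "unique IPs")
    print("by port:", s["by_port"].most_common(), "\nby /24:", s["by_net24"].most_common(3))
    print("\n".join(suricata_rules(cfg)[:2]))
```

The port clustering is what makes this list worth a second look before it goes into a blocklist: a third of the endpoints sit on 995 and 443, the rest on ports such as 2222, 2078, 2087, 3389 and high ephemeral ports, and eight of the 29 come from a single /24 (187.0.1.0/24). Block on IP and port together rather than on port alone.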
Targets

Target: documents-5914.lnk
Size: 2KB
MD5: 394695eb51255c8456e126164a88f5b7
SHA1: 0de0a75f440277f21da82f4c857fa1e327376e19
SHA256: b0bbf09ed3b4cd27993120bd6858a8627f2eed6faeaba2149d10b2d68b64f8a0
SHA512: 5ef1d6567cc71b68cabe9d92f0ed05fe280d7c8268d5c463c3e1557bccda89d7411122a2103ec2df7d60a6d38aafefabf283ff650bf5028382d6338c593d9e5a
Score: 8/10
Signatures:
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
Target: templates117.png
Size: 421KB
MD5: 6357313411883e697906ed776e50333f
SHA1: c38dfd229653231d3284ac4dfbda860c06ea6606
SHA256: 5467c27a047c728562781e46d7c10960617a7579c70ac487f371b8888b4e5ae9
SHA512: 84262b84958471ce4784e742ab8bb1c55a19054b3676ab2b6f1eae6b9b198fc60924b5b9a7fe2ae00e20fd511f68fea5d04f0614681c7d398a6749215352a6ca
SSDEEP: 12288:Pkpde329VEdv++607q6YP4uo7N9SIegv8JowUShUPw:Pudy29ChzEoaQ0Uw
Note: the behavioral tasks run a templates117.dll; this .png is the only templates117.* file among the extracted targets.
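The SSDEEP value of templates117.png shares its block size (12288) with the ISO in General, and both of its chunk strings are prefixes of the ISO's, so ssdeep sees the container as the .png plus extra trailing content. The following is an added example, not code from the report: a pure-Python re-implementation of ssdeep's published comparison (sequence elimination, 7-character common-substring check, weighted edit distance, rescaling, equal or 2x block sizes) so the two report values can be scored offline without the ssdeep library. The edit-distance weights (insert 1, delete 1, substitute 2) follow ssdeep's edit_distn as I know it; for these two hashes only the trailing suffix differs, so the substitution weight does not affect the result.

```python
"""Score two ssdeep hashes from the report without the ssdeep library.
Added example: re-implementation of ssdeep's published comparison, not code
from the report. Handles equal block sizes and the 2x block-size case."""

SPAMSUM_LENGTH = 64   # maximum chunk-string length
ROLLING_WINDOW = 7    # minimum common substring ssdeep requires
MIN_BLOCKSIZE = 3

# Constructed input: the two SSDEEP values exactly as the report prints them.
ISO_SSDEEP = "12288:Pkpde329VEdv++607q6YP4uo7N9SIegv8JowUShUPw0bcbA4k7pvLCmii4:Pudy29ChzEoaQ0Uw1bdSFOI4"
PNG_SSDEEP = "12288:Pkpde329VEdv++607q6YP4uo7N9SIegv8JowUShUPw:Pudy29ChzEoaQ0Uw"

def parse_ssdeep(h):
    block_size, chunk, double_chunk = h.split(":", 2)
    return int(block_size), chunk, double_chunk

def _eliminate_sequences(s):
    """ssdeep collapses runs of more than three identical characters to three."""
    out = []
    for ch in s:
        if len(out) >= 3 and out[-1] == out[-2] == out[-3] == ch:
            continue
        out.append(ch)
    return "".join(out)

def _edit_distance(a, b, insert=1, delete=1, replace=2):
    """Weighted Levenshtein distance (weights as in ssdeep's edit_distn; assumption)."""
    prev = [j * insert for j in range(len(b) + 1)]
    for i, ca in enumerate(a, 1):
        cur = [i * delete]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + delete, cur[j - 1] + insert,
                           prev[j - 1] + (0 if ca == cb else replace)))
        prev = cur
    return prev[-1]

def _has_common_substring(a, b, n=ROLLING_WINDOW):
    return any(a[i:i + n] in b for i in range(len(a) - n + 1))

def _score_strings(a, b, block_size):
    """ssdeep's score_strings: 0..100, 100 meaning identical chunk strings."""
    a, b = _eliminate_sequences(a), _eliminate_sequences(b)
    if not _has_common_substring(a, b):
        return 0
    score = _edit_distance(a, b) * SPAMSUM_LENGTH // (len(a) + len(b))
    score = 100 * score // SPAMSUM_LENGTH
    if score >= 100:
        return 0
    score = 100 - score
    # Small block sizes are capped so short inputs cannot exaggerate a match.
    if block_size < (99 + ROLLING_WINDOW) // ROLLING_WINDOW * MIN_BLOCKSIZE:
        score = min(score, block_size // MIN_BLOCKSIZE * min(len(a), len(b)))
    return score

def ssdeep_compare(h1, h2):
    bs1, a1, a2 = parse_ssdeep(h1)
    bs2, b1, b2 = parse_ssdeep(h2)
    if bs1 == bs2:
        return max(_score_strings(a1, b1, bs1), _score_strings(a2, b2, bs1 * 2))
    if bs1 == bs2 * 2:   # h1's chunk is at h2's double block size
        return _score_strings(a1, b2, bs1)
    if bs2 == bs1 * 2:
        return _score_strings(a2, b1, bs2)
    return 0

def is_embedded_prefix(container, member):
    """True when the member's chunk strings are prefixes of the container's at the
    same block size: ssdeep sees the container as member plus a trailing tail."""
    bs1, a1, a2 = parse_ssdeep(container)
    bs2, b1, b2 = parse_ssdeep(member)
    return bs1 == bs2 and a1.startswith(b1) and a2.startswith(b2)

if __name__ == "__main__":
    print("similarity:", ssdeep_compare(ISO_SSDEEP, PNG_SSDEEP))
    print("png is a prefix of iso:", is_embedded_prefix(ISO_SSDEEP, PNG_SSDEEP))
```

The two report values score 85 here, driven by the first chunk string (58 vs 42 characters, 16 insertions); the prefix check is the more useful signal for triage, since it says the extra ISO content sits after the .png's bytes rather than interleaved with them. For production matching use the ssdeep library itself; this re-implementation exists to make the arithmetic behind the score visible.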
Target: untunnelled.cmd
Size: 708B
MD5: a7b475df5a324cc53d9f39db000a8ad8
SHA1: 17e5af29344d7dc707c5b1182a29d21461f1a681
SHA256: fd9a182f0d147f9969c47c17b8c420cfef9e8c9459ad85c2d61b587e29b4667e
SHA512: 47ef6f342c1eaccfa5f428c79ca82dd7bf51659ab53b53ced85814092de3a14de05b52ba5682667a150cefad50abfa3245abaa699f37196949b913deb08f6ea9
Score: 8/10
Signatures:
- Executes dropped EXE
- Loads dropped DLL