Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
WP#3272.html
-
Size
1.3MB
-
Sample
221201-q5jp7sha5z
-
MD5
bde0e3672c5de82a86f83c6315c2eb95
-
SHA1
57dca61336755ce5631248e8b56642a369ffecc0
-
SHA256
65ccb33e111a2bfe4e74dafd5c3cb62f8dc4cfedb4492785dfc2d0838841b10e
-
SHA512
267bf372fa88917e928c5a65907fab19a9365f8f82532ea63c0edd221cd9f5882114163d9d0c31992057d5ab247bcb0dcb6e98662e18fb16e925938f5f338c45
-
SSDEEP
12288:swiSePqm22VGDFKObVwAfqmRw696LzA9kKS9EOIWV4T9OaJn267hjmFPpQx90DLz:mJ2P9Bfq+cGNrOIWyBOD6F0o4ghBgP
Static task
static1
Behavioral task
behavioral1
Sample
WP#3272.html
Resource
win7-20220812-en
Malware Config
Extracted
qakbot
404.46
obama224
1669794048
75.161.233.194:995
216.82.134.218:443
174.104.184.149:443
173.18.126.3:443
87.202.101.164:50000
172.90.139.138:2222
184.153.132.82:443
185.135.120.81:443
24.228.132.224:2222
87.223.84.190:443
178.153.195.40:443
24.64.114.59:2222
77.126.81.208:443
75.99.125.235:2222
173.239.94.212:443
98.145.23.67:443
109.177.245.176:2222
72.200.109.104:443
12.172.173.82:993
82.11.242.219:443
92.149.205.238:2222
183.82.100.110:2222
176.142.207.63:443
92.24.200.226:995
69.119.123.159:2222
91.169.12.198:32100
64.121.161.102:443
124.122.55.68:443
12.172.173.82:995
85.231.105.49:2222
94.63.65.146:443
176.133.4.230:995
213.67.255.57:2222
90.89.95.158:2222
156.217.158.177:995
88.126.94.4:50000
87.57.13.215:443
102.159.83.36:443
121.122.99.223:995
216.196.245.102:2222
12.172.173.82:465
78.69.251.252:2222
76.80.180.154:995
75.143.236.149:443
109.11.175.42:2222
221.161.103.6:443
74.92.243.113:50000
75.98.154.19:443
47.41.154.250:443
49.175.72.56:443
81.229.117.95:2222
92.189.214.236:2222
83.92.85.93:443
108.162.6.34:443
84.35.26.14:995
136.232.184.134:995
188.54.99.243:995
93.24.192.142:20
75.84.234.68:443
71.31.101.183:443
80.13.179.151:2222
184.155.91.69:443
76.100.159.250:443
24.64.114.59:3389
46.246.245.152:995
70.115.104.126:995
197.2.209.208:995
50.90.249.161:443
70.66.199.12:443
216.196.245.102:2083
182.66.197.35:443
142.161.27.232:2222
76.127.192.23:443
92.207.132.174:2222
174.77.209.5:443
12.172.173.82:21
199.83.165.233:443
74.66.134.24:443
77.86.98.236:443
90.104.22.28:2222
71.247.10.63:50003
108.6.249.139:443
184.176.154.83:995
81.198.136.151:995
80.0.74.165:443
71.247.10.63:995
174.58.146.57:443
69.133.162.35:443
50.68.204.71:995
24.64.114.59:61202
47.34.30.133:443
12.172.173.82:50001
75.158.15.211:443
216.196.245.102:2078
181.164.194.228:443
193.154.207.221:443
213.191.164.70:443
197.92.135.188:443
172.117.139.142:995
76.20.42.45:443
24.64.114.59:2078
73.36.196.11:443
58.247.115.126:995
73.155.10.79:443
92.98.72.220:2222
84.113.121.103:443
2.50.47.109:443
12.172.173.82:990
106.212.18.255:995
98.147.155.235:443
92.106.70.62:2222
108.44.207.232:443
24.206.27.39:443
130.43.99.103:995
50.68.204.71:993
71.46.234.171:443
108.162.6.34:995
24.142.218.202:443
166.62.145.54:443
-
salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP
Targets
-
-
Target
WP#3272.html
-
Size
1.3MB
-
MD5
bde0e3672c5de82a86f83c6315c2eb95
-
SHA1
57dca61336755ce5631248e8b56642a369ffecc0
-
SHA256
65ccb33e111a2bfe4e74dafd5c3cb62f8dc4cfedb4492785dfc2d0838841b10e
-
SHA512
267bf372fa88917e928c5a65907fab19a9365f8f82532ea63c0edd221cd9f5882114163d9d0c31992057d5ab247bcb0dcb6e98662e18fb16e925938f5f338c45
-
SSDEEP
12288:swiSePqm22VGDFKObVwAfqmRw696LzA9kKS9EOIWV4T9OaJn267hjmFPpQx90DLz:mJ2P9Bfq+cGNrOIWyBOD6F0o4ghBgP
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-