General
Target: b2c1a42235871224b3afb06b931a4aa6a0d074c0953a1469bc6358cedcf75d3a.vhd
Size: 2.0MB
Sample: 221205-1dpr9ahe72
MD5: fd765e768b7703d955ca8073a4b82030
SHA1: eedd6f668348f718ed2ccd8863d973ac6ce51f59
SHA256: b2c1a42235871224b3afb06b931a4aa6a0d074c0953a1469bc6358cedcf75d3a
SHA512: 7ecee45612b04abaf619829ee4bb0e108752ea07ed84989fd751f92752e6324faf9a15b46d7985b661d84d3a9763d558136e4a32c3fdd25798d322bc432dbacb
SSDEEP: 12288:L+hfiNzqkalTfvvHWiYj7amQZGTcpC20ZsGOIBrupfJ:L+hnXWi+2pZG4UP6nIBrUJ
Static task: static1
Behavioral task: behavioral1
  Sample: CX.lnk
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: CX.lnk
  Resource: win10v2004-20220812-en
Behavioral task: behavioral3
  Sample: glasses/astrophysics.dll
  Resource: win7-20220812-en
Behavioral task: behavioral4
  Sample: glasses/astrophysics.dll
  Resource: win10v2004-20220901-en
Behavioral task: behavioral5
  Sample: glasses/caitiff.cmd
  Resource: win7-20220812-en
Behavioral task: behavioral6
  Sample: glasses/caitiff.cmd
  Resource: win10v2004-20220901-en
Behavioral task: behavioral7
  Sample: glasses/certificated.cmd
  Resource: win7-20221111-en
Behavioral task: behavioral8
  Sample: glasses/certificated.cmd
  Resource: win10v2004-20221111-en
Malware Config
Extracted
qakbot
404.46
BB08
1669902931
71.46.234.171:443
50.68.204.71:443
186.28.89.170:995
50.68.204.71:993
62.31.130.138:465
152.170.17.136:443
108.162.6.34:995
24.142.218.202:443
67.61.71.201:443
65.95.85.172:2222
50.232.21.70:995
76.184.95.190:993
47.16.69.220:2222
178.169.196.115:443
184.64.44.21:443
12.172.173.82:22
77.126.81.208:443
38.69.136.177:995
174.104.184.149:443
173.18.126.3:443
172.90.139.138:2222
183.82.100.110:2222
184.153.132.82:443
86.130.9.180:2222
83.7.54.186:443
66.191.69.18:995
186.64.67.9:443
142.118.49.193:2222
91.254.215.167:443
41.34.106.203:993
64.228.191.212:2222
24.64.114.59:50010
80.121.50.13:443
216.82.134.218:443
92.27.86.48:2222
102.158.156.142:443
87.221.197.110:2222
12.172.173.82:993
176.142.207.63:443
24.64.114.59:2222
109.76.27.33:443
90.27.44.76:2222
92.24.200.226:995
75.99.125.235:2222
173.239.94.212:443
73.22.121.210:443
200.109.14.93:2222
61.92.123.169:443
98.145.23.67:443
86.190.16.164:443
136.35.241.159:443
81.155.30.185:2222
91.169.12.198:32100
71.199.168.185:443
64.121.161.102:443
37.14.229.220:2222
12.172.173.82:995
94.63.65.146:443
190.39.199.51:443
103.141.50.117:995
38.166.100.147:2087
190.28.111.166:443
80.107.151.232:2222
69.119.123.159:2222
213.91.235.146:443
76.80.180.154:995
130.43.99.103:995
12.172.173.82:465
75.143.236.149:443
92.239.81.124:443
74.92.243.113:50000
109.145.40.125:443
75.98.154.19:443
88.126.94.4:50000
177.205.67.80:2222
121.122.99.223:995
66.180.226.117:2222
78.69.251.252:2222
105.99.88.96:443
92.189.214.236:2222
108.162.6.34:443
84.35.26.14:995
12.172.173.82:990
188.54.99.243:995
71.31.101.183:443
80.13.179.151:2222
90.119.197.132:2222
47.41.154.250:443
109.149.148.184:2222
82.9.210.36:443
75.161.233.194:995
81.229.117.95:2222
90.116.219.167:2222
90.162.45.154:2222
190.74.104.149:465
76.100.159.250:443
105.108.215.158:990
197.0.145.209:443
70.115.104.126:995
50.90.249.161:443
109.11.175.42:2222
119.82.121.63:443
80.0.74.165:443
24.64.114.59:3389
178.191.21.187:995
70.66.199.12:443
216.196.245.102:2083
82.36.36.76:443
71.247.10.63:995
184.155.91.69:443
201.208.139.250:2222
12.172.173.82:21
199.83.165.233:443
90.104.22.28:2222
184.176.154.83:995
92.207.132.174:2222
92.185.204.18:2078
69.133.162.35:443
2.99.47.198:2222
salt: SoNuce]ugdiB3c[doMuce2s81*uXmcvP
Targets

Target: CX.lnk
Size: 1KB
MD5: 2cf243993914e5e59bb3f2336a1cec7e
SHA1: 7985e21c3d6426b9aa6943a5849a0c6b69bfe1ed
SHA256: 3b718372bc32b024b122a866999b4a6b3e67a0efe57803417700828203f2f78a
SHA512: 0d14ba36241244a0eb70dc52621f445f39450dec88bb4f148675e2b7b2db2870bd1ea00fe1af6fae53f6a03293fb327dbae47dc0cba58f8a906470d054398116
Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Target: glasses/astrophysics.tmp
Size: 599KB
MD5: 8016278a2154ddd50fa719a15d93f166
SHA1: af6b2dddaf6192ee547c783a58dc6ce49317a54d
SHA256: 22c550ddaee6ffdc3b4ab09bcc64461d444312958cd14f05178b2124de18ffa4
SHA512: 7bf75b38b29a685be4fbce0700e9a22f273911eb71400de028bbf3e9e2e586c992b168bb752562b19e7373f672e31d7a42fb1735fb2ef7b02951c1f18f642faf
SSDEEP: 12288:W+hfiNzqkalTfvvHWiYj7amQZGTcpC20ZsGOIBrupfJ:W+hnXWi+2pZG4UP6nIBrUJ
Score: 1/10

Target: glasses/caitiff.cmd
Size: 230B
MD5: f656106936e1f45ae054b6d4dd029219
SHA1: 0e2e4d706e383dec6a2ed3ae08b8caf6a4b4f061
SHA256: c29ab47a71c297c0cd9297ca77f494451134c89b8056965e3a99d2a5550103ea
SHA512: 5b0817224afda6a35f75a4c8513676c23e7e3dbb455fc8089eeb10a717f8b701d2840da91b5656d3fa1a364784eff4ebc5907e51fec1b0047e8e7d91b165b1b0
Score: 1/10

Target: glasses/certificated.cmd
Size: 297B
MD5: a5d2f0ccad9c55ccc8fb24379a5c2cc8
SHA1: c5acbaca2dc86b0779a64dd94fd83ec8d612b45d
SHA256: 51c5b2aad08d5283ef553c4773ae9b8d26eb30ce8e6b59d7c13003f57ce7ae68
SHA512: 01f4906bc9a1fd70333052370860828f631b1d05ad58b2815dea24363df90f2d2fbb6c285fba6f5890b5830f239291b0e32db5b99b8c839d4872a0f7fbc1cdce
Score: 1/10