Overview
Score: 10/10

Tasks (score badge as shown on each task tab; file names are truncated in the source and are kept that way here):
static (static task, no score badge)
Claim.lnk, windows7-x64: 10
Claim.lnk, windows10-2004-x64: 10
undampened...ul.dll, windows7-x64: 10
undampened...ul.dll, windows10-2004-x64: 10
undampened...ly.cmd, windows7-x64: 10
undampened...ly.cmd, windows10-2004-x64: 1
undampened...ly.cmd, windows7-x64: 1
undampened...ly.cmd, windows10-2004-x64: 1

General
Target: Claim_BR81.vhd
Size: 2MB
Sample: 221205-z14z1sbc4z
MD5: 668c49b52717db4e027f71fb9df07db8
SHA1: 81be3bcec43dd655699da05a018868ab6d177764
SHA256: 39f4de6c82203a2769745f568198d028d37f0ec72792adb18de98a958f59e968
SHA512: 387a5533a555b6656ebd1385d302e8cfd5f08b929138a7e51f09c548a3f55b9b0de7993d01e88075dcc3aabe9afed18a88446f94c225560c87e51488c5231bd8
SSDEEP: 12288:dTyGpWTgZEWyGWZDZCFkHkmqnfsd5Ja46fDV3+QWc2:d5pWTgZnOZtHk2JajfRO8
Static task
static1

Behavioral tasks (sample, sandbox resource)
behavioral1: Claim.lnk, win7-20220812-en
behavioral2: Claim.lnk, win10v2004-20220901-en
behavioral3: undampened/purposeful.dll, win7-20221111-en
behavioral4: undampened/purposeful.dll, win10v2004-20221111-en
behavioral5: undampened/reassembly.cmd, win7-20221111-en
behavioral6: undampened/reassembly.cmd, win10v2004-20221111-en
behavioral7: undampened/risibly.cmd, win7-20221111-en
behavioral8: undampened/risibly.cmd, win10v2004-20220812-en
Malware Config
Extracted
Family: qakbot
Version: 404.46
Botnet: obama225
Campaign: 1669974461 (Qakbot campaign IDs are Unix timestamps; this one decodes to 2022-12-02 09:47:41 UTC, three days before the sample's 221205 submission date)
C2 (ip:port, as extracted; note that 12.172.173.82, 24.64.114.59 and 216.196.245.102 each appear under several ports, and that besides 443/995/2222 the list includes ports such as 20, 21, 465, 990, 2078, 2083, 3389, 32100, 50000, 50001 and 61202, so a 443-only egress rule would miss most of it):
85.59.61.52:2222 66.191.69.18:995 186.64.67.9:443 174.104.184.149:443 91.165.188.74:50000 213.22.188.57:2222 173.18.126.3:443 90.89.95.158:2222 172.90.139.138:2222 78.100.230.10:995 184.153.132.82:443 41.100.146.58:443 85.152.152.46:443 75.99.125.235:2222 83.92.85.93:443 173.239.94.212:443 24.64.114.59:2222 74.66.134.24:443 98.145.23.67:443 213.67.255.57:2222 92.24.200.226:995 91.68.227.219:443 12.172.173.82:993 70.120.228.205:2083 216.196.245.102:2078 176.142.207.63:443 217.128.91.196:2222 24.228.132.224:2222 69.119.123.159:2222 201.208.139.250:2222 91.169.12.198:32100 64.121.161.102:443 87.221.197.110:2222 86.159.48.25:2222 103.141.50.117:995 41.62.182.1:443 92.186.69.229:2222 37.14.229.220:2222 123.3.240.16:995 70.160.80.210:443 176.128.178.251:443 12.172.173.82:995 94.63.65.146:443 78.163.33.44:443 74.92.243.113:50000 75.98.154.19:443 197.204.18.30:443 121.122.99.223:995 58.247.115.126:995 78.69.251.252:2222 213.91.235.146:443 76.80.180.154:995 130.43.99.103:995 93.156.103.241:443 93.24.192.142:20 41.62.220.86:995 12.172.173.82:465 92.185.204.18:2078 75.143.236.149:443 90.119.197.132:2222 80.13.179.151:2222 47.41.154.250:443 81.229.117.95:2222 92.189.214.236:2222 108.162.6.34:443 72.68.175.55:2222 84.35.26.14:995 12.172.173.82:990 188.54.99.243:995 92.239.81.124:443 92.27.86.48:2222 83.114.60.6:2222 216.196.245.102:2083 71.247.10.63:995 58.162.223.233:443 184.155.91.69:443 178.153.195.40:443 116.74.162.186:443 76.100.159.250:443 88.171.156.150:50000 156.216.253.65:995 73.161.176.218:443 70.115.104.126:995 109.159.119.169:2222 24.64.114.59:3389 87.223.89.157:443 89.129.109.27:2222 70.66.199.12:443 183.82.100.110:2222 142.161.27.232:2222 108.6.249.139:443 69.133.162.35:443 76.127.192.23:443 12.172.173.82:21 199.83.165.233:443 174.77.209.5:443 87.202.101.164:50000 90.104.22.28:2222 83.7.54.186:443 184.176.154.83:995 90.116.219.167:2222 92.207.132.174:2222 136.232.184.134:995 92.149.205.238:2222 86.225.214.138:2222 24.64.114.59:61202 198.2.51.242:993 70.51.136.94:2222 12.172.173.82:50001 75.158.15.211:443 85.61.165.153:2222 181.164.194.228:443 47.34.30.133:443 86.195.32.149:2222 41.34.106.203:993 72.200.109.104:443 196.207.146.214:443 24.206.27.39:443 172.117.139.142:995 190.18.236.175:443
Attributes
salt: SoNuce]ugdiB3c[doMuce2s81*uXmcvP
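The C2 list above is a flat run of ip:port tokens, which is awkward to feed into anything directly. The Python below is an added example, not part of the Tria.ge report or its tooling: it parses such a list into (ip, port) pairs, rejecting malformed tokens instead of silently dropping them, groups the ports per host (so the repeated 12.172.173.82 and 24.64.114.59 entries collapse into one line each), flags ports outside the three that dominate this config, and emits one Suricata alert rule per distinct pair. SAMPLE_C2 is a subset of the entries copied from the report; COMMON_PORTS, the rule text and the SID range are illustration choices, not properties of Qakbot.

```python
"""Turn an extracted Qakbot C2 list into structured indicators.

Added example, not part of the Tria.ge report. SAMPLE_C2 is a subset of the
ip:port tokens copied from the report's config; COMMON_PORTS and the SID
range are illustration choices, not Qakbot facts.
"""
import ipaddress
from collections import defaultdict

# Subset of the report's C2 entries (space-separated "ip:port", as extracted).
SAMPLE_C2 = (
    "85.59.61.52:2222 66.191.69.18:995 186.64.67.9:443 91.165.188.74:50000 "
    "12.172.173.82:993 12.172.173.82:995 12.172.173.82:465 12.172.173.82:990 "
    "93.24.192.142:20 24.64.114.59:2222 24.64.114.59:3389 24.64.114.59:61202 "
    "12.172.173.82:21 12.172.173.82:50001 198.2.51.242:993"
)

# The three ports that dominate the report's list; everything else is flagged
# so an egress rule is not written for 443 only. (Assumption: chosen from this
# report's list, not a property of Qakbot in general.)
COMMON_PORTS = {443, 995, 2222}


def parse_c2(raw: str) -> list:
    """Parse "ip:port" tokens into (ip, port) tuples.

    Malformed tokens raise ValueError rather than being skipped, so a mangled
    copy-paste of the list cannot silently shrink a blocklist.
    """
    entries = []
    for token in raw.split():
        host, sep, port_text = token.rpartition(":")
        if not sep:
            raise ValueError(f"token has no port: {token!r}")
        ip = ipaddress.ip_address(host)   # raises ValueError on junk
        port = int(port_text)              # raises ValueError on junk
        if not 1 <= port <= 65535:
            raise ValueError(f"port out of range: {token!r}")
        entries.append((str(ip), port))
    return entries


def group_by_host(entries) -> dict:
    """Map each C2 host to the sorted list of ports it is contacted on."""
    ports = defaultdict(set)
    for ip, port in entries:
        ports[ip].add(port)
    return {ip: sorted(p) for ip, p in ports.items()}


def unusual_ports(entries) -> list:
    """(ip, port) pairs outside COMMON_PORTS, sorted and deduplicated."""
    return sorted({(ip, port) for ip, port in entries if port not in COMMON_PORTS})


def suricata_rules(entries, sid_start: int = 9000001) -> list:
    """One outbound alert rule per distinct (ip, port).

    SIDs are assigned in a stable sorted order so regenerating the ruleset
    from the same list does not renumber existing rules.
    """
    rules = []
    for i, (ip, port) in enumerate(sorted(set(entries))):
        rules.append(
            f'alert tcp $HOME_NET any -> {ip} {port} '
            f'(msg:"Qakbot C2 {ip}:{port}"; flow:to_server; '
            f'sid:{sid_start + i}; rev:1;)'
        )
    return rules


if __name__ == "__main__":
    parsed = parse_c2(SAMPLE_C2)
    for ip, ports in sorted(group_by_host(parsed).items()):
        print(ip, ports)
    print("outside COMMON_PORTS:", unusual_ports(parsed))
    print("\n".join(suricata_rules(parsed)))
```

Run it on the full list by pasting the report's C2 line into `SAMPLE_C2`; the per-host grouping is what you want for a firewall object, while the per-pair rules are what an IDS needs because Qakbot selects host and port together from its config.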
Targets

Target: Claim.lnk
Size: 1KB
MD5: de308aec56de0b862231a6bb649a7f93
SHA1: 0c7a02535887510c5a79393cbe9de3ed8d98127b
SHA256: 1140a8cc4e36d99308587e748054342528744809cfea8eea9ccd945f874c662a
SHA512: a6d96ea68afc028edd8ed06d6d77cc8c64727401bfcde78aff719a94e940eab7d8fdf1b336444a5db9f7e961bfda381aabb7cb34de9cd9d24a38bf6344a5daff
Signatures:
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.

Target: undampened/purposeful.tmp
Size: 444KB
MD5: db0613fd8f2fbfbf632d9ffdcf6fe92e
SHA1: 349e322ce539d3c8be9fa67484d67d4ef0f70493
SHA256: 33a9e7369a1d9a143497432eebd271e566feb200c5ec6ce54d4e367c29882adb
SHA512: f2033178729ff9c5a6ea8301b441e23093bc8136931715cb48c65cfd10fae7c538e65c295f1a95f879f7aea9b6fb995a0a95d8dade125fc24280bff0ea95c0af
SSDEEP: 12288:BWyGWZDZCFkHkmqnfsd5Ja46fDV3+QWc2:AOZtHk2JajfRO8

Target: undampened/reassembly.cmd
Size: 285B
MD5: 0e1d1b53085414be80108431a3ee03ec
SHA1: 23d01d536acdf7d9cfaabcf97c63ad435652e6da
SHA256: d25cf833e6fb446b1c38fee115eb1a1bfb70657ada48f5f20dce799ddade625f
SHA512: 3ed5af192d5d95be221c279c256c404128a2ef9ac70f48057e5db671566ddbf371d953d45616e29fc6e4008a04c51fa3c3743a388bee03f91a7a5594209a279d
Score: 1/10

Target: undampened/risibly.cmd
Size: 219B
MD5: 172e43861b3f0e6ab44c301eeaf38c72
SHA1: abd8de568772fcaceeb526aba05f75bde1dfbafa
SHA256: c8367127ed0b2d0d388e151912fbba14ff4e4ba70174b693523566ddda272473
SHA512: 67f92a17a4f1f03efa11a62f7ce2967457592b7f25118f872c046c926931b6d9dc9022546e182ff4d7488049aecdca5056cbd10bf4ee0a3a17a6d2925403b58d
Score: 1/10
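The SSDEEP digests of the disk image (under General) and of undampened/purposeful.tmp (above) are computed at the same block size and share the whole block-hash tail "WyGWZDZCFkHkmqnfsd5Ja46fDV3+QWc2", which is what you expect when the DLL's bytes sit contiguously inside the VHD. The Python below is an added example, not part of the report or of the ssdeep project: it reimplements the comparison rules from ssdeep's fuzzy.c (block sizes must match or differ by a factor of two; a common 7-character window is required; the hashes are compared by edit distance with insert and delete costing 1 and replace costing 2; the result is scaled to 0..100 and capped for small block sizes) so the two digests printed in the report can be compared offline. Real ssdeep finds the common window with a rolling hash; the plain substring scan used here is the same test without the hash. The two digest strings are copied from the report.

```python
"""Compare two ssdeep digests without the ssdeep library.

Added example, not part of the report. Follows the comparison rules of
ssdeep's fuzzy.c: common-substring gate, weighted edit distance, scaling to
0..100 and the small-block-size cap. The digests below are copied from the
report (Claim_BR81.vhd and undampened/purposeful.tmp).
"""

SPAMSUM_LENGTH = 64    # maximum length of one block hash
ROLLING_WINDOW = 7     # common substring length ssdeep requires
MIN_BLOCKSIZE = 3      # smallest block size ssdeep ever uses

VHD_SSDEEP = "12288:dTyGpWTgZEWyGWZDZCFkHkmqnfsd5Ja46fDV3+QWc2:d5pWTgZnOZtHk2JajfRO8"
TMP_SSDEEP = "12288:BWyGWZDZCFkHkmqnfsd5Ja46fDV3+QWc2:AOZtHk2JajfRO8"


def squeeze(s: str) -> str:
    """ssdeep's eliminate_sequences: keep at most three of any repeated char."""
    out = []
    for ch in s:
        if len(out) >= 3 and out[-1] == out[-2] == out[-3] == ch:
            continue
        out.append(ch)
    return "".join(out)


def parse_digest(digest: str):
    """Split 'blocksize:hash1:hash2[,filename]' into (blocksize, h1, h2)."""
    body = digest.split(",", 1)[0]
    block_size, h1, h2 = body.split(":")
    return int(block_size), squeeze(h1), squeeze(h2)


def has_common_substring(a: str, b: str) -> bool:
    """True if the two hashes share any window of ROLLING_WINDOW characters."""
    return any(a[i:i + ROLLING_WINDOW] in b
               for i in range(len(a) - ROLLING_WINDOW + 1))


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance with ssdeep's costs: insert 1, delete 1, replace 2."""
    prev = list(range(len(b) + 1))
    for i in range(1, len(a) + 1):
        cur = [i]
        for j in range(1, len(b) + 1):
            cur.append(min(prev[j] + 1,                     # delete a[i-1]
                           cur[j - 1] + 1,                  # insert b[j-1]
                           prev[j - 1] + (0 if a[i - 1] == b[j - 1] else 2)))
        prev = cur
    return prev[-1]


def score_strings(a: str, b: str, block_size: int) -> int:
    """Score one pair of block hashes the way fuzzy.c's score_strings does."""
    if len(a) > SPAMSUM_LENGTH or len(b) > SPAMSUM_LENGTH:
        return 0
    if not has_common_substring(a, b):
        return 0
    score = edit_distance(a, b)
    score = score * SPAMSUM_LENGTH // (len(a) + len(b))
    score = 100 * score // SPAMSUM_LENGTH
    if score >= 100:
        return 0
    score = 100 - score
    # Small block sizes cannot justify a high score; cap exactly as ssdeep does.
    if block_size >= (99 + ROLLING_WINDOW) * MIN_BLOCKSIZE // ROLLING_WINDOW:
        return score
    return min(score, block_size // MIN_BLOCKSIZE * min(len(a), len(b)))


def fuzzy_compare(d1: str, d2: str) -> int:
    """0..100 similarity of two ssdeep digests, 0 if block sizes are incomparable."""
    bs1, a1, a2 = parse_digest(d1)
    bs2, b1, b2 = parse_digest(d2)
    if bs1 == bs2:
        return max(score_strings(a1, b1, bs1), score_strings(a2, b2, bs1 * 2))
    if bs1 == bs2 * 2:
        return score_strings(a1, b2, bs1)
    if bs2 == bs1 * 2:
        return score_strings(a2, b1, bs2)
    return 0


if __name__ == "__main__":
    print("vhd vs purposeful.tmp:", fuzzy_compare(VHD_SSDEEP, TMP_SSDEEP))
```

The score is driven by the first block hash: the image's hash is the DLL's hash with a ten-character prefix in front of it (the VHD header and filesystem structures hashed before the payload), so the only cost is deleting that prefix. Digests at different block sizes score 0 unless one size is exactly double the other, which is why a 285-byte .cmd file can never be meaningfully compared with the 2MB image this way.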
MITRE ATT&CK Matrix
Tactic columns only (Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation); no techniques are listed on this page.