General
Target: lol99.vhd
Size: 2.0MB
Sample: 221207-f2m84sbf2x
MD5: 7753a1591679311c2bffa8e0888cf39a
SHA1: 63d479d20fa7364a5eb4036576d18f36aea184b9
SHA256: 1204c2bc02431a696c9d452daf3b77672f9001b6ef7abea6c5384d8091a545e9
SHA512: 297795210d33e57067e2220a5eea5e164cffafeffe10af67f48312382aa2016e64cb18c54e9cfd92ef71a75370dbd0c65f2e7ec1c8ba875e72c61b346f888218
SSDEEP: 12288:aOwOx+hfiNzqkalTfvvHWiYj7amQZGTcpy20ZsGOIBrupfJ:j+hnXWi+2pZG40P6nIBrUJ
Static task: static1
Behavioral task: behavioral1
  Sample: CX.lnk
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: CX.lnk
  Resource: win10v2004-20221111-en
Behavioral task: behavioral3
  Sample: friskingly/classics.cmd
  Resource: win7-20220812-en
Behavioral task: behavioral4
  Sample: friskingly/classics.cmd
  Resource: win10v2004-20220901-en
Behavioral task: behavioral5
  Sample: friskingly/reformism.cmd
  Resource: win7-20221111-en
Behavioral task: behavioral6
  Sample: friskingly/reformism.cmd
  Resource: win10v2004-20220812-en
Behavioral task: behavioral7
  Sample: friskingly/titivating.dll
  Resource: win7-20220812-en
Behavioral task: behavioral8
  Sample: friskingly/titivating.dll
  Resource: win10v2004-20221111-en
Malware Config
Extracted
qakbot
404.46
BB08
1669902931
salt: SoNuce]ugdiB3c[doMuce2s81*uXmcvP
Targets
Target: CX.lnk
Size: 1KB
MD5: 1674e161214abac968868f320acd78dd
SHA1: a8d7dc25d8a5537296ff552208941ce7de36a25f
SHA256: 67c24b7ed4b4427cf5e6f0d379a69981431edac9c328dd43b2bf230327075778
SHA512: e9a26c1801cad72d07c1a07b7275926c0fc51f77911422ec8d83bff6df4c4d12edd0139550652e71a5070992742cd74e60f5392e3249e4b450f8769b7e1ec68b
Signature: Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
Target: friskingly/classics.cmd
Size: 305B
MD5: 7bce54e12656f0aba6ad783698b32bb1
SHA1: cae9d14d2f47e02c968bddbf361e4e70af1c4977
SHA256: 2e8fe805c67f67a413e4040dcdce0f847f86c021820d426d3b35b20040d3772e
SHA512: 980a6dc4bbe77f7bfd54db5ab5d8655619cf132769e8d0a9a9f59586330928e60711da6b6768c6cda14a2d34d5d97915e45d322c4a8904dfbd08442dda9fc87c
Score: 1/10
Target: friskingly/reformism.cmd
Size: 208B
MD5: 8f92d55e945fd6da1128b29288998952
SHA1: 2546c3bc27ca66a0af58abd3ed78a10094039e40
SHA256: 083edddd979862613bb525bb419fc0e046f1499adaf2e253fda8afbdaf5454df
SHA512: 169bc6a2d37181041f09aa5a5b01a856707e90e769ab40fc2a600c79dda922693fec1f6b52651e5683534c149c00851e70c8529fe53e7392e25184497a2fec07
Score: 1/10
Target: friskingly/titivating.tmp
Size: 599KB
MD5: b18962586238e5a713b8a9dda2928ac6
SHA1: 5e14559daeb93083171d8d4e3bc63ebb72b88e6e
SHA256: 97a3cb32f891f0d01251c307356a5e89a71ebc9af24fde703f8e04aae24a72d4
SHA512: 240aeddce61725162a292a6e33668eb2e67a86a448f57cb9bafef94f419b26277577af6ebd6e4825ad54d131d60f9d619b0fa6dd5f1ba63d78600ba854f17cf2
SSDEEP: 12288:W+hfiNzqkalTfvvHWiYj7amQZGTcpy20ZsGOIBrupfJ:W+hnXWi+2pZG40P6nIBrUJ
Score: 1/10