Overview
overview
10Static
static
TE04/Ref.lnk
windows7-x64
10TE04/Ref.lnk
windows10-2004-x64
10TE04/syndr...st.cmd
windows7-x64
1TE04/syndr...st.cmd
windows10-2004-x64
1TE04/syndr...ta.dll
windows7-x64
3TE04/syndr...ta.dll
windows10-2004-x64
3TE04/syndr...la.cmd
windows7-x64
1TE04/syndr...la.cmd
windows10-2004-x64
1General
-
Target
TE04.7z
-
Size
329KB
-
Sample
221207-hjs3radd85
-
MD5
d3c13daff201f55c94bee220135ee954
-
SHA1
0e2714430b60be38535cb5173442fb57ade8ad9b
-
SHA256
5517f176fbd908ab99f0afe8980ce9e118cf89ba982dde9d403f47e9c5f4a8b8
-
SHA512
4f339ae35b0df5a5c89b55ea3293608fb8d20f41155f35d38b96f9d4cfcb1a15d1d522869d9d17e17d2ae4149aaa4e271d5076968476322ee38997b35db29cbe
-
SSDEEP
6144:JsGzvEGQfiZutWrBAJK8opx40UeQNWLO4bPmfSb184af/6gOv:iGDQK46q0CNWLpjmc18dqv
Static task
static1
Behavioral task
behavioral1
Sample
TE04/Ref.lnk
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
TE04/Ref.lnk
Resource
win10v2004-20220812-en
Behavioral task
behavioral3
Sample
TE04/syndrome/destructionist.cmd
Resource
win7-20221111-en
Behavioral task
behavioral4
Sample
TE04/syndrome/destructionist.cmd
Resource
win10v2004-20220812-en
Behavioral task
behavioral5
Sample
TE04/syndrome/dicta.dll
Resource
win7-20221111-en
Behavioral task
behavioral6
Sample
TE04/syndrome/dicta.dll
Resource
win10v2004-20220812-en
Behavioral task
behavioral7
Sample
TE04/syndrome/dracula.cmd
Resource
win7-20220812-en
Behavioral task
behavioral8
Sample
TE04/syndrome/dracula.cmd
Resource
win10v2004-20220812-en
Malware Config
Extracted
qakbot
404.46
obama226
1670237875
76.100.159.250:443
66.191.69.18:995
186.64.67.9:443
50.90.249.161:443
109.150.179.158:2222
92.149.205.238:2222
86.165.15.180:2222
41.44.19.36:995
78.17.157.5:443
173.18.126.3:443
75.99.125.235:2222
172.90.139.138:2222
27.99.45.237:2222
91.68.227.219:443
12.172.173.82:993
103.144.201.62:2078
12.172.173.82:990
173.239.94.212:443
91.169.12.198:32100
24.64.114.59:2222
74.66.134.24:443
93.164.248.234:443
83.92.85.93:443
78.69.251.252:2222
190.134.138.61:443
2.99.47.198:2222
73.223.248.31:443
12.172.173.82:995
94.63.65.146:443
80.13.179.151:2222
70.120.228.205:2083
216.196.245.102:2078
31.167.254.199:995
89.129.109.27:2222
69.119.123.159:2222
91.254.230.18:443
64.121.161.102:443
38.166.242.12:2087
12.172.173.82:465
75.143.236.149:443
81.229.117.95:2222
74.92.243.113:50000
183.82.100.110:2222
75.98.154.19:443
193.154.202.210:443
121.122.99.223:995
70.115.104.126:995
213.67.255.57:2222
213.91.235.146:443
37.14.229.220:2222
76.80.180.154:995
62.31.130.138:465
89.115.196.99:443
2.83.12.243:443
85.152.152.46:443
188.48.123.229:995
90.104.22.28:2222
201.210.107.223:993
47.41.154.250:443
50.68.204.71:995
84.215.202.22:443
85.241.180.94:443
92.189.214.236:2222
103.55.67.180:443
90.89.95.158:2222
86.217.250.15:2222
72.68.175.55:2222
86.190.16.164:443
136.244.25.165:443
65.30.139.145:995
73.161.176.218:443
199.83.165.233:443
98.145.23.67:443
84.35.26.14:995
24.64.114.59:3389
50.68.204.71:443
102.46.139.82:993
71.247.10.63:995
149.126.159.106:443
58.162.223.233:443
216.196.245.102:2083
184.155.91.69:443
87.99.116.47:443
81.131.210.167:443
103.141.50.117:995
184.176.154.83:995
92.207.132.174:2222
142.161.27.232:2222
176.142.207.63:443
184.153.132.82:443
108.6.249.139:443
69.133.162.35:443
76.20.42.45:443
139.216.164.122:443
24.206.27.39:443
12.172.173.82:21
77.86.98.236:443
50.68.204.71:993
88.126.94.4:50000
85.245.221.87:2078
190.206.70.80:2222
87.221.197.110:2222
83.7.54.186:443
87.223.91.46:443
78.100.230.10:995
181.164.194.228:443
174.101.111.4:443
75.115.14.189:443
86.225.214.138:2222
58.247.115.126:995
86.96.75.237:2222
105.103.56.28:2078
198.2.51.242:993
174.104.184.149:443
105.103.56.28:990
24.64.114.59:61202
93.24.192.142:20
2.14.82.210:2222
90.116.219.167:2222
-
salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP
Targets
-
-
Target
TE04/Ref.lnk
-
Size
1KB
-
MD5
3c83e782ba4793d7b194af3d5b7f9981
-
SHA1
d33e0832cfc74f84348df11696110568d0b408de
-
SHA256
825f3a95e993738244d73871122e8763e4c676193151e560f5cc6f9a188167de
-
SHA512
64119134a80b0374232c2b47e6b8902dac55bec0d4648db7f26b8a7a706355d0c831e88fe243743dc34f466103c602155147ffb52c5096d30aaf97fe9e5f2c65
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
-
-
Target
TE04/syndrome/destructionist.cmd
-
Size
203B
-
MD5
4ab1a6ff3cfb1eb30f63bfc37350bf93
-
SHA1
c311091263a9e245ec26db0a2faa349e069e6676
-
SHA256
56e216d8e523b5836af40bb97f4284dbf32f9b7ffd27215d203da4867478f02b
-
SHA512
015dacaa62f167e36102fc9106c684f31d5a24a70afcbb77952e290ce8d25eee058adebffd389d9d41e3c5a6f1f0ff8bf17554e14c8b80655f3c26f42abe2249
Score1/10 -
-
-
Target
TE04/syndrome/dicta.tmp
-
Size
596KB
-
MD5
98b6b7eb3a0d889bdfd24130e72e8afd
-
SHA1
46be771ff368e840160bd5e03a45ec93d8fbc3ee
-
SHA256
bf3915a0a3e128b90d5f3c3173c4310e71d458d778d3bb7b9695c18892256120
-
SHA512
b36b8089b59390e3d39e10cedc28c485c317e4df3d01f669e56e817e1b3fb1fb069417c8e9e0022824fc74208b5bee727ad9441d0c5656f43cd3cc93789f67c2
-
SSDEEP
12288:4n8J739YoRmwZBY9bk8OlBf07A4QDXSAIdQFFF7:481FR7tVlDXScn
Score3/10 -
-
-
Target
TE04/syndrome/dracula.cmd
-
Size
308B
-
MD5
7f099ddafbff736bfda8eef8365f20ce
-
SHA1
6474123573496ae56747e8df01b21fe00043289b
-
SHA256
05cf835776fba30791b155a9bdfdb3bc245d3283bf6b844838a8a6938c94aec7
-
SHA512
2a356d3286f32ffdb025b81f871ffef87f65433ed60cced557921a634f9fd1b7fd0ffa05bec9ed46e9ebb000a34c0f69be6954e4ca9f849ca291a5f8c5b181f6
Score1/10 -