General
-
Target
attachment.zip
-
Size
425KB
-
Sample
221213-ltb4rshb3s
-
MD5
c5a31070a1b52fb7bcd076a2805c020b
-
SHA1
b7643ff66e8c65356d19d3f611bd5634061057fa
-
SHA256
a80a15e4dbd9191e1c3c3faf804c60d614a844d9a7f7472c3c1816e9bf2dc81a
-
SHA512
46c5fb3ba897ac2528a21d63a5a53392f7dea519f9ba48b77bf05d681834256ccc4781428857fa0337af68b69ce5ad57689776bd2d9ee8e26e27c687e4947b81
-
SSDEEP
12288:PPET7sbhJObntPhemGL9sM8fMMgvMZIxbEFO:nkIbzwnbvGaM8fEsc
Static task
static1
Behavioral task
behavioral1
Sample
DOC_FI7820.lnk
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
DOC_FI7820.lnk
Resource
win10v2004-20220812-en
Behavioral task
behavioral3
Sample
NewInvoice/NewInvoice.cmd
Resource
win7-20221111-en
Behavioral task
behavioral4
Sample
NewInvoice/NewInvoice.cmd
Resource
win10v2004-20220901-en
Behavioral task
behavioral5
Sample
NewInvoice/NewRules.dll
Resource
win7-20221111-en
Behavioral task
behavioral6
Sample
NewInvoice/NewRules.dll
Resource
win10v2004-20221111-en
Malware Config
Extracted
qakbot
404.46
azd
1670585059
-
salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP
Targets
-
-
Target
DOC_FI7820.lnk
-
Size
1KB
-
MD5
32b5854f5a7cb3f0837767291afd24f5
-
SHA1
9e69b181e8afd292e9a14320db2774ecf66aeb00
-
SHA256
7559a1d112ee174f4cc2d72df34f1a23db6dc1616684bd8e5c88a853e7d1f423
-
SHA512
4f8dceabcfdf31addee6355aeb1d1a3ea2583089b3146e3b2481ac7419b12894530c01959ab5511cb37ac74987e27405e973eb521596a5d645b302501a06445b
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
-
-
Target
NewInvoice/NewInvoice.cmd
-
Size
9KB
-
MD5
e664607089ca89edba7bf12cc9daf951
-
SHA1
6ba2846f1a75bead0f68902316d1962c4bd79ebe
-
SHA256
38b81ef7d029cb614991ae402ac6104901770cabb59fe45bcb8a76d5f916e9e4
-
SHA512
b47846946259d895c6f0c0228d48e24bb14a826fbad4d31f6299d8d364f971e5452ac94d6f9914b4cc59f1737ea660f8d4c3d36f7a4544f0fb8c4513ea601a6c
-
SSDEEP
96:iZtaVuRjH84cfD9x5unKxX01DOfWWBRNj7vwCrlMei4y1GEb5k4YfHqzOYmi+Bpc:rVwH0RG4WWB7vwKti4yMEtk1pBo9Floo
-
-
-
Target
NewInvoice/NewRules.get
-
Size
733KB
-
MD5
1b4eb3e5510b5f32c4ed5f9ba11288bd
-
SHA1
f91052aa0a9375422ee29a7756df4756fb759486
-
SHA256
678b2d1d0e5dc0e18f5f85abbed3d036c99fa9db8704676adaf9ec304b582523
-
SHA512
40f479618f6f8cc103cb2acb0890ef0833263a501a8a60f2c50eba5602540bd98c7c142eb01355962e5b8bad6d34bb42f31b11aa3f1d950bf2a3c2f82b7e6960
-
SSDEEP
12288:bx5BlbjoVPn84C8oSZTkwvFsaLJ5sU4gzplUWQnLI7QAeh+nqb7/ODsrETSeWBE:b/CP1jVtkBKzsU4gLUWZ7tqb72eR
Score 3/10