General
Target: 9WUKB.zip.zip
Size: 1.3MB
Sample: 230222-1yy7esff7s
MD5: 2910b256eb5c83fee20df8ae67749c54
SHA1: 108a70bdfbf92ef16179a57bd0296067749e9c29
SHA256: eadf29b611de83b2bb26d0314c1c1070966d7dacc3da2321520b0841ba183d7f
SHA512: f4403e87d19f71ad7da6ace847dd23b6d5f95daba235e6ab592267003eb6d70076f0be7e7beca85b3df02c4acc11ccdb6f954aa5b9edb79e1900e9e0a0ef23ca
SSDEEP: 24576:e/g3cFiZKK1IqpvwHUdqUNdAgpmWkZ8Z8BaYDY1AiD/i1cCr7o/myANvwy:PsFi71Iq60jO7BbLjcA4yWy
Tasks
Static task: static1
Behavioral task behavioral1: sample 9WUKB.iso, resource win7-20230220-en
Behavioral task behavioral2: sample 9WUKB.iso, resource win10v2004-20230220-en
Behavioral task behavioral3: sample RR.lnk, resource win7-20230220-en
Behavioral task behavioral4: sample RR.lnk, resource win10v2004-20230220-en
Behavioral task behavioral5: sample vibrations/curvature.cmd, resource win7-20230220-en
Behavioral task behavioral6: sample vibrations/curvature.cmd, resource win10v2004-20230221-en
Behavioral task behavioral7: sample vibrations/outbids.exe, resource win7-20230220-en
Behavioral task behavioral8: sample vibrations/outbids.exe, resource win10v2004-20230220-en
Behavioral task behavioral9: sample vibrations/vets.sql, resource win7-20230220-en
Behavioral task behavioral10: sample vibrations/vets.sql, resource win10v2004-20230220-en
Malware Config
Extracted: qakbot
404.9
BB16
1677046917
salt: SoNuce]ugdiB3c[doMuce2s81*uXmcvP
Targets

Target: 9WUKB.iso
Size: 203.3MB
MD5: a78609e1f800f22ca455d621492ee058
SHA1: 52841510df9461ce446ad19f77eab01d99d7b5f1
SHA256: b7de1dc09a35f212e9c46c6edee2ae03b739ee6744c778030886e087707ff027
SHA512: d317891da8e2f36556a333eaf32a6868fb1fe6f188b44bdc2c3f86ae8e5e63c5961188e225f60beb8fce078d4e33f332a2dbeea570ca55a15e79b58b86657586
SSDEEP: 49152:JN2P39PuNYvlHTX2EMuZuzJ2z6nzK/XoY:JNimNC5ozn
Score: 3/10

Target: RR.lnk
Size: 1KB
MD5: 9b1fd4eb34e5bb3f029ad0eb84f4e278
SHA1: 3f3883ab44af25346c41235d05322e6b4c138440
SHA256: 65859f608c90734b27ff410c490e20aa28dad5d3dd8b8f84cf03e6f01fdcb5e6
SHA512: a8a0ec6f1f1da6b4ba75df9192a7719497b5ee5bf17b00759c72ad44a8024ca1946de2651f16d3432d657fd9568bc0e896eb196eadeaf1f79840bed4870d59a7
Signatures:
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Loads dropped DLL

Target: vibrations/curvature.cmd
Size: 240B
MD5: 6dd2ab019159cfff54446fe3f6659091
SHA1: 7ac4704bb7065eea6f06ee8e8d6826c258f64c0a
SHA256: c2e2c8ab4f7a1ae8c06fdd0967661b821c28eb370d43f40f6f0111bc199e2571
SHA512: b9dcac77a995eca8b0f4d76d34d6e2444f69a71ff9f6913d618544de5b86171f452d9d4762f86b04ee6d91f39865499e395e1c30d2bb0682122a3cecb1f16f7d
Score: 1/10

Target: vibrations/outbids.exe
Size: 1.6MB
MD5: 018796d4670ac12865be2f00382bbc8e
SHA1: 8564027153dca487eca613345ab3b2de0add4f26
SHA256: 22d1471ed17c681aa5580c59712005e1c70ef9c306cbcad245a64f7dfae47847
SHA512: 4edac00e0d19b439c300328bf4f7abc98cadfce0d7f4283f1c6278bec24d0ed7c2e51090a2e584a7a2a2e645e396a890d9589fe3f660fa73fc238a09d827bc7b
SSDEEP: 24576:qN2PGK9rDuNMZD22lHNFVntTX25fHSMv0UskeuzQU2z6IdcL6UCUK:qN2P39PuNYvlHTX2EMuZuzJ2z6nzK
Score: 1/10

Target: vibrations/vets.sql
Size: 1.6MB
MD5: 11d046fe7ad0156dbc4bb7bf75a44ce3
SHA1: 3346966e784efad4a01cfb9fdba709ce9bc2f31a
SHA256: 39708e7376995f9e8584f534e2dfaa16ba296169d42a46857f19d7837594eaba
SHA512: 8bd149805facc4ae5176bcc3ee4af243a3c22f536fbd53aff854b8ae900c15e98a667042e025db98d0b81c21bbaa4317c2e0a79afd450cb043220286e06d5dd8
SSDEEP: 12288:hgD7oi4JVR7GiHZJUMY4qSl9rBQpVvFBuLBmIiPy0Kko1KTVFufFKHcqgEQX0ekS:c7o9PrBeVXoY76Nj31J
Score: 3/10