General
-
Target
9DEUT.zip
-
Size
1.6MB
-
Sample
230223-agrg5seb48
-
MD5
fa9515d72604767ac425f168be2d146a
-
SHA1
2a9ad765cb39484bbccfcaaadc7c3e100a73aaa0
-
SHA256
749ebbf90e6b4819795b61976f5f589368acc86ced65c8e5633d1fe612cc0de4
-
SHA512
b3c34a0f74b37599df378d2ee5184447750971cf4fb7933f3c078f2f94e52765ec72474de3afce799243a8cb792d293764ac5be4eade66babf60430d60b38e9a
-
SSDEEP
49152:tNKfpmk/zQwfkEHoMds7j8KTguqmSTs5+XrO:qmk/zQekDesBEu/QCKO
Static task
static1
Behavioral task
behavioral1
Sample
RR.lnk
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
RR.lnk
Resource
win10v2004-20230220-en
Behavioral task
behavioral3
Sample
vibrations/elephant.sql
Resource
win7-20230220-en
Behavioral task
behavioral4
Sample
vibrations/elephant.sql
Resource
win10v2004-20230220-en
Behavioral task
behavioral5
Sample
vibrations/sultanas.cmd
Resource
win7-20230220-en
Behavioral task
behavioral6
Sample
vibrations/sultanas.cmd
Resource
win10v2004-20230220-en
Behavioral task
behavioral7
Sample
vibrations/thirstily.exe
Resource
win7-20230220-en
Behavioral task
behavioral8
Sample
vibrations/thirstily.exe
Resource
win10v2004-20230221-en
Malware Config
Extracted
qakbot
404.9
BB16
1677046917
47.21.51.138:443
72.80.7.6:50003
82.127.204.82:2222
49.175.72.56:443
201.244.108.183:995
122.184.143.82:443
102.156.253.86:443
74.58.71.237:443
47.21.51.138:995
77.86.98.236:443
71.31.101.183:443
136.232.184.134:995
86.225.214.138:2222
95.242.101.251:995
109.11.175.42:2222
90.78.138.217:2222
184.176.35.223:2222
35.143.97.145:995
202.186.177.88:443
114.79.180.14:995
86.150.47.219:443
183.87.163.165:443
50.68.186.195:443
190.75.95.164:2222
98.145.23.67:443
67.10.175.47:2222
71.212.147.224:2222
88.126.94.4:50000
103.140.174.19:2222
103.231.216.238:443
78.84.123.237:995
180.151.108.14:443
80.47.57.131:2222
198.2.51.242:993
50.68.204.71:995
205.164.227.222:443
147.219.4.194:443
77.124.6.149:443
49.245.82.178:2222
46.10.198.107:443
76.80.180.154:995
12.172.173.82:32101
68.150.18.161:443
68.173.170.110:8443
24.9.220.167:443
12.172.173.82:2087
50.68.204.71:993
107.146.12.26:2222
81.229.117.95:2222
27.0.48.233:443
69.133.162.35:443
59.28.84.65:443
76.170.252.153:995
89.32.159.192:995
202.142.98.62:995
73.78.215.104:443
181.164.217.211:443
92.97.203.51:2222
116.74.164.26:443
103.141.50.102:995
149.74.159.67:2222
116.72.250.18:443
125.99.69.178:443
202.142.98.62:443
67.61.71.201:443
103.123.223.168:443
80.13.205.69:2222
80.0.74.165:443
86.99.54.39:2222
213.67.255.57:2222
176.142.207.63:443
50.67.17.92:443
217.165.1.53:2222
70.64.77.115:443
2.50.47.74:443
66.191.69.18:995
75.143.236.149:443
197.92.136.122:443
108.190.203.42:995
50.68.204.71:443
12.172.173.82:995
70.77.116.233:443
162.248.14.107:443
75.98.154.19:443
58.247.115.126:995
184.68.116.146:61202
41.99.50.76:443
184.68.116.146:3389
72.203.216.98:2222
103.252.7.231:443
12.172.173.82:50001
70.160.80.210:443
12.172.173.82:465
12.172.173.82:21
47.34.30.133:443
202.187.232.161:995
98.147.155.235:443
124.122.56.144:443
75.141.227.169:443
103.144.201.53:2078
172.248.42.122:443
12.172.173.82:990
24.239.69.244:443
173.18.126.3:443
73.165.119.20:443
90.104.22.28:2222
14.192.241.76:995
74.33.196.114:443
74.93.148.97:995
86.202.48.142:2222
174.104.184.149:443
12.172.173.82:20
109.151.144.37:443
104.35.24.154:443
114.143.176.234:443
84.35.26.14:995
45.50.233.214:443
64.237.185.60:443
73.161.176.218:443
-
salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP
Targets
-
-
Target
RR.lnk
-
Size
1KB
-
MD5
27e3015a1377cfa45182a3bca5e488c2
-
SHA1
d31a5c93f66b517a6f0838c2efc560397314e441
-
SHA256
38d69df1ab5bc566d14ad8053febf9d5896cf7acfe5163cf81010195b379a998
-
SHA512
5630f060e823b3bde38626fbbe1cc1cf11ea0560e439c389c39446eb84d8c4cdcca6abdd91fb453b11f7f824bf18e0d7591e1a2367ab59aba9eb9f63af8718cb
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
-
-
Target
vibrations/elephant.sql
-
Size
1.6MB
-
MD5
6e15a32f1e2bfd30ce85a4258d06d469
-
SHA1
8f9d43e7d0f22b7bee04cf6bd815e77b0df43f30
-
SHA256
cd8e21614eebb91fa0424aa07ee05287a6411064a0e75e32f99d1ffbf0aac087
-
SHA512
1f8a6a4bb46088b4422734d8359ae47b0f815415c8977c15db39d5939d23eff8ca77b1bf0b4b6aa14bcd2ff9b24bde46b79383f696c94f39eab17cc8909587b4
-
SSDEEP
12288:hgD7oi4JVR7GiHZJUMY4qSl9rBQpVvFBuLBmIiPy0Kko1KTVFufFKHcqgEQX0ekt:c7o9PrBeVXoY76Nj3mJ
Score3/10 -
-
-
Target
vibrations/sultanas.cmd
-
Size
237B
-
MD5
62a73d5bec3d92a1162a134764215769
-
SHA1
324635c14ebdcdc074afb7444900faade8715b74
-
SHA256
93d1aa7ec63b29aa854f2887121880b5cbb49b118ae1fd2f3b9e7823b628b039
-
SHA512
de42127ad0943fa5731e8394a5d6ce082c92fb5d070448b7afc042219b3e79626750030cc453890848b4b29ce65f6258b37a9ceb049e4e78ace2e13af7776f1b
Score1/10 -
-
-
Target
vibrations/thirstily.exe
-
Size
1.6MB
-
MD5
018796d4670ac12865be2f00382bbc8e
-
SHA1
8564027153dca487eca613345ab3b2de0add4f26
-
SHA256
22d1471ed17c681aa5580c59712005e1c70ef9c306cbcad245a64f7dfae47847
-
SHA512
4edac00e0d19b439c300328bf4f7abc98cadfce0d7f4283f1c6278bec24d0ed7c2e51090a2e584a7a2a2e645e396a890d9589fe3f660fa73fc238a09d827bc7b
-
SSDEEP
24576:qN2PGK9rDuNMZD22lHNFVntTX25fHSMv0UskeuzQU2z6IdcL6UCUK:qN2P39PuNYvlHTX2EMuZuzJ2z6nzK
Score1/10 -