General
-
Target
9287941584.zip
-
Size
1.3MB
-
Sample
230223-rfz7bsga78
-
MD5
eeb6553006d2f39ad411c4d99ec43d75
-
SHA1
2f9f6438cb3d16f888294f2b761175744a4f2276
-
SHA256
ab0a56e2e625f3bc98c1c927576e7403f8bd8ff501def7aa551325b40d469df7
-
SHA512
cafb3f9444506bfa7cb658a3e8b443a5e5c565cc1c20df2b37f38493b6d2dff97c71a042d28d98881c5ec667a359bfc12c7011559d81c20aadeb0b07e6ab957b
-
SSDEEP
24576:5XaiiWYUinMCUqd/wPGReaBmUhR/3ziZyiXQYRFVm/8loq080vuuEEbpxzaC8ASx:quiMfqd/wOReaB3H+yi5RS/kyCEVxzto
Static task
static1
Behavioral task
behavioral1
Sample
0ZVLQ.iso
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
0ZVLQ.iso
Resource
win10v2004-20230221-en
Behavioral task
behavioral3
Sample
RR.lnk
Resource
win7-20230220-en
Behavioral task
behavioral4
Sample
RR.lnk
Resource
win10v2004-20230220-en
Behavioral task
behavioral5
Sample
vibrations/unfed.exe
Resource
win7-20230220-en
Behavioral task
behavioral6
Sample
vibrations/unfed.exe
Resource
win10v2004-20230220-en
Behavioral task
behavioral7
Sample
vibrations/yokohama.cmd
Resource
win7-20230220-en
Behavioral task
behavioral8
Sample
vibrations/yokohama.cmd
Resource
win10v2004-20230220-en
Malware Config
Extracted
qakbot
404.9
BB16
1677046917
47.21.51.138:443
72.80.7.6:50003
82.127.204.82:2222
49.175.72.56:443
201.244.108.183:995
122.184.143.82:443
102.156.253.86:443
74.58.71.237:443
47.21.51.138:995
77.86.98.236:443
71.31.101.183:443
136.232.184.134:995
86.225.214.138:2222
95.242.101.251:995
109.11.175.42:2222
90.78.138.217:2222
184.176.35.223:2222
35.143.97.145:995
202.186.177.88:443
114.79.180.14:995
86.150.47.219:443
183.87.163.165:443
50.68.186.195:443
190.75.95.164:2222
98.145.23.67:443
67.10.175.47:2222
71.212.147.224:2222
88.126.94.4:50000
103.140.174.19:2222
103.231.216.238:443
78.84.123.237:995
180.151.108.14:443
80.47.57.131:2222
198.2.51.242:993
50.68.204.71:995
205.164.227.222:443
147.219.4.194:443
77.124.6.149:443
49.245.82.178:2222
46.10.198.107:443
76.80.180.154:995
12.172.173.82:32101
68.150.18.161:443
68.173.170.110:8443
24.9.220.167:443
12.172.173.82:2087
50.68.204.71:993
107.146.12.26:2222
81.229.117.95:2222
27.0.48.233:443
69.133.162.35:443
59.28.84.65:443
76.170.252.153:995
89.32.159.192:995
202.142.98.62:995
73.78.215.104:443
181.164.217.211:443
92.97.203.51:2222
116.74.164.26:443
103.141.50.102:995
149.74.159.67:2222
116.72.250.18:443
125.99.69.178:443
202.142.98.62:443
67.61.71.201:443
103.123.223.168:443
80.13.205.69:2222
80.0.74.165:443
86.99.54.39:2222
213.67.255.57:2222
176.142.207.63:443
50.67.17.92:443
217.165.1.53:2222
70.64.77.115:443
2.50.47.74:443
66.191.69.18:995
75.143.236.149:443
197.92.136.122:443
108.190.203.42:995
50.68.204.71:443
12.172.173.82:995
70.77.116.233:443
162.248.14.107:443
75.98.154.19:443
58.247.115.126:995
184.68.116.146:61202
41.99.50.76:443
184.68.116.146:3389
72.203.216.98:2222
103.252.7.231:443
12.172.173.82:50001
70.160.80.210:443
12.172.173.82:465
12.172.173.82:21
47.34.30.133:443
202.187.232.161:995
98.147.155.235:443
124.122.56.144:443
75.141.227.169:443
103.144.201.53:2078
172.248.42.122:443
12.172.173.82:990
24.239.69.244:443
173.18.126.3:443
73.165.119.20:443
90.104.22.28:2222
14.192.241.76:995
74.33.196.114:443
74.93.148.97:995
86.202.48.142:2222
174.104.184.149:443
12.172.173.82:20
109.151.144.37:443
104.35.24.154:443
114.143.176.234:443
84.35.26.14:995
45.50.233.214:443
64.237.185.60:443
73.161.176.218:443
-
salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP
Targets
-
-
Target
0ZVLQ.iso
-
Size
203.3MB
-
MD5
16683f05fbd6b26a1f9643824936ff6b
-
SHA1
65c58e8c7683b1b8a5491f9070c0297b68284736
-
SHA256
a1d77bd0d9fa0387f24378f62a65c9532d9bf28398d3c139b3963343c1ae7a9a
-
SHA512
15188a3dd573b1e60adcdf16a85fb85149b69aa6dc5e9d518ac0a26af027a9464494d7237997c111b0c160884b71a99fe6f8541fe06391ca3714521f660bd4f9
-
SSDEEP
49152:2XoYTN2P39PuNYvlHTX2EMuZuzJ2z6nzK:wNimNC5ozn
Score3/10 -
-
-
Target
RR.lnk
-
Size
1KB
-
MD5
31708b36ba2a3e7da8e0f1c1f04b1735
-
SHA1
fd1ff76899f81fc2ad822d56f6f2b8185787221e
-
SHA256
6f4b859642b0b8b9df130b5cb5fb9b65725df6efbae7245c3fd3062b33928c64
-
SHA512
878c36a842c1388d3118013b47301b9d12d931674f132e46f53c5036a75bb1ec9022d3fd3944ce4002fe549142e558333557d14a0dd734e89e0f8613fd0bfadf
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
-
-
Target
vibrations/unfed.exe
-
Size
1.6MB
-
MD5
018796d4670ac12865be2f00382bbc8e
-
SHA1
8564027153dca487eca613345ab3b2de0add4f26
-
SHA256
22d1471ed17c681aa5580c59712005e1c70ef9c306cbcad245a64f7dfae47847
-
SHA512
4edac00e0d19b439c300328bf4f7abc98cadfce0d7f4283f1c6278bec24d0ed7c2e51090a2e584a7a2a2e645e396a890d9589fe3f660fa73fc238a09d827bc7b
-
SSDEEP
24576:qN2PGK9rDuNMZD22lHNFVntTX25fHSMv0UskeuzQU2z6IdcL6UCUK:qN2P39PuNYvlHTX2EMuZuzJ2z6nzK
Score1/10 -
-
-
Target
vibrations/yokohama.cmd
-
Size
238B
-
MD5
6e103a84f0498745d30bbc6c8886609d
-
SHA1
a67ea3cb3f3d4dcc6a56efc2bbee62d576a44a80
-
SHA256
2cfed54700ddce6b838cb10d5d595a5ea7b33d04c66238231ca9819731984f94
-
SHA512
c74a2b7eefdc04c509f97087d017c243c4763b2ef925d90450100025a69f892f5371a7925c78732baaaab37800c82562f554d4389f044936df958a513a201e59
Score1/10 -