Overview

Static analysis: score 10/10

Behavioral tasks (score / sample / platform):
1/10   9562928861.zip         windows7-x64
1/10   9562928861.zip         windows10-2004-x64
1/10   547de75773...de.zip    windows7-x64
1/10   547de75773...de.zip    windows10-2004-x64
1/10   Agreement_...r4.xll    windows7-x64
10/10  Agreement_...r4.xll    windows10-2004-x64
1/10   Agreement_...r4.xll    windows7-x64
7/10   Agreement_...r4.xll    windows10-2004-x64

General (score 10/10)
Target: 9562928861.zip
Size: 1.5MB
Sample: 230315-r9m4vsdg45
MD5: 232483e0760b6b334bf8cb1ac533060e
SHA1: 76bf8c74be91276bfd0ac2fe6fd3917f1214bbe0
SHA256: ed99937314d2aa6cd69bca7a9fe2e71b2880fa37846965d5578986525ef2f3fe
SHA512: 17491cc2e910ffa62954d4b5e443df8aba91f70b433cad64f57b579903cb57745780b3fa05664af42060255286fc775c764e8e9005dc8fc69abff2ee723f0e1b
SSDEEP: 49152:vUzPQpPcnTSQAU8GuI1skstg8TzTGy5+HiHRD:vUzIp0eS93eky9Og+CRD
Static task: static1

Behavioral tasks (task: sample on resource):
behavioral1: 9562928861.zip on win7-20230220-en
behavioral2: 9562928861.zip on win10v2004-20230220-en
behavioral3: 547de75773c2e3d12c5b9ea46b6b9f28410095e2d9b6441dd1580def448b94de.zip on win7-20230220-en
behavioral4: 547de75773c2e3d12c5b9ea46b6b9f28410095e2d9b6441dd1580def448b94de.zip on win10v2004-20230221-en
behavioral5: Agreement_277183_Mar4.xll on win7-20230220-en
behavioral6: Agreement_277183_Mar4.xll on win10v2004-20230220-en
behavioral7: Agreement_277183a_Mar4.xll on win7-20230220-en
Malware Config

Extracted family: qakbot
Version: 404.266
Botnet: obama242
Timestamp: 1678805546
Salt: SoNuce]ugdiB3c[doMuce2s81*uXmcvP
Extracted Targets

Target: 9562928861.zip
Size: 1.5MB
MD5: 232483e0760b6b334bf8cb1ac533060e
SHA1: 76bf8c74be91276bfd0ac2fe6fd3917f1214bbe0
SHA256: ed99937314d2aa6cd69bca7a9fe2e71b2880fa37846965d5578986525ef2f3fe
SHA512: 17491cc2e910ffa62954d4b5e443df8aba91f70b433cad64f57b579903cb57745780b3fa05664af42060255286fc775c764e8e9005dc8fc69abff2ee723f0e1b
SSDEEP: 49152:vUzPQpPcnTSQAU8GuI1skstg8TzTGy5+HiHRD:vUzIp0eS93eky9Og+CRD
Score: 1/10
Target: 547de75773c2e3d12c5b9ea46b6b9f28410095e2d9b6441dd1580def448b94de
Size: 1.5MB
MD5: 60d7fc5cd2d8fa66bc7adaa187b09c7b
SHA1: 363aa00aa728614db9d0492997175b8287cdbf6d
SHA256: 547de75773c2e3d12c5b9ea46b6b9f28410095e2d9b6441dd1580def448b94de
SHA512: 0051f56f2fced3302a2280334849f62f3203c15e59763cd8c12845f5278adb8d2fab4652d22473f741da4e546c53d5fc3330e9e999ae8b47def28fcf8413e363
SSDEEP: 49152:JaeENIGDFC/yGxS8RFW/pwpsSNJuNrd6POjj2O:Jae8IGAyCS8veSLu5vnj
Score: 1/10
Target: Agreement_277183_Mar4.xll
Size: 589KB
MD5: 34500ab4418a844d9cb84c88ad980c0b
SHA1: dccff591d601fb53dc171115cede2c62894c8e61
SHA256: 64b6e5633ee0b6393bbaa3cc2068af6b6527f25615f6049b19cd105390de27b3
SHA512: 84c346452561eae2a6e9364b5c266001d0104c456517c7ae08bcf4be1a22b46bf0355e80715e90e88a98d7e78284656c3300276d48297ce9e68111da0a80b36e
SSDEEP: 6144:8cTaT6oGCNIamrNSYVnt2pONtX7EmG2dOdQRG8l/dmMF7VndLmmmmmmm644tkw95:f+pSIm3OdQwgvpVndf42HXDiuJTMw4
Signatures:
- Process spawned unexpected child process: this typically indicates the parent process was compromised via an exploit or macro.
- Loads dropped DLL
Target: Agreement_277183a_Mar4.xll
Size: 2.3MB
MD5: 109396393d86831ebcfd44c43e97ad63
SHA1: 9180bc13b167ca7d2fe75c061f60c2bf580bab1a
SHA256: cdd168c54958a2ae49d029533df5eeea4a12e418b09f5f44174c108a91799237
SHA512: febc52ef022571de70331b47a7092b376591b87ca874fd1eacb0e6962b477ac6b79576d4ff3bca37347eb33402ad848bd4004aef38e8c011fb3adfa3a789771e
SSDEEP: 49152:Wjrwd3EfessB2KEAQ3PlAEIZ6QqrONloCt4nnM+DoRDPOjYvf9FB:arwd028KEl39AdZ/6y+9M7RDPZB
Signatures:
- Process spawned unexpected child process: this typically indicates the parent process was compromised via an exploit or macro.
- Loads dropped DLL