General
-
Target
2d9a718e60238a696d4616ef279c0a99a05d1fbb2efaded26db1f0c3ba5acde6.dll.exe
-
Size
13.5MB
-
Sample
230407-bf3z8afh42
-
MD5
a46c696d1afb964a9dc8b838e8978bd2
-
SHA1
edc5ee2ebb8a7f7563a102ce5ee35c5c50276cc6
-
SHA256
2d9a718e60238a696d4616ef279c0a99a05d1fbb2efaded26db1f0c3ba5acde6
-
SHA512
1f2247b49c8e3142bd6d92e5faefd14467de584ccff6d6424d57b1c7974151b7cdc0fb47617077fc2e7cf99d7405785e2d321cbd5a316f2a2f11b3a64328f895
-
SSDEEP
49152:LfNqvX0brf57E7CMelJadKe3fUZ5TwEktnXhCLfmP+JhkCXfHz:sv03xQCM/82fUZWXRhqfmP+Jhkkz
Static task
static1
Behavioral task
behavioral1
Sample
2d9a718e60238a696d4616ef279c0a99a05d1fbb2efaded26db1f0c3ba5acde6.dll.xll
Resource
win7-20230220-en
Malware Config
Extracted
Extracted
qakbot
403.573
tzr01
1649312144
140.82.49.12:443
182.191.92.203:995
176.67.56.94:443
148.64.96.100:443
47.180.172.159:443
47.23.89.62:995
181.118.183.98:443
1.161.121.58:995
96.21.251.127:2222
119.158.126.69:995
41.228.22.180:443
176.88.238.122:995
66.98.42.102:443
83.110.85.209:443
208.107.221.224:443
172.115.177.204:2222
73.67.152.98:2222
176.205.119.81:2078
46.107.48.202:443
81.215.196.174:443
24.43.99.75:443
201.103.199.197:443
94.59.57.24:2222
47.23.89.62:993
187.207.48.194:61202
75.99.168.194:61201
45.9.20.200:443
173.174.216.62:443
47.180.172.159:50010
39.44.144.159:995
92.177.45.46:2078
89.137.52.44:443
83.110.75.97:2222
2.50.137.197:443
149.28.238.199:995
140.82.63.183:443
140.82.63.183:995
144.202.3.39:443
144.202.2.175:443
144.202.2.175:995
45.76.167.26:443
45.76.167.26:995
45.63.1.12:443
149.28.238.199:443
45.63.1.12:995
144.202.3.39:995
83.110.85.209:995
32.221.224.140:995
31.35.28.29:443
202.134.152.2:2222
71.13.93.154:2222
103.88.226.30:443
197.89.144.142:443
70.46.220.114:443
91.177.173.10:995
175.145.235.37:443
180.183.128.80:2222
181.208.248.227:443
76.25.142.196:443
117.248.109.38:21
172.114.160.81:995
86.98.156.250:993
67.209.195.198:443
24.178.196.158:2222
174.69.215.101:443
217.128.122.65:2222
89.211.187.3:2222
58.105.167.36:50000
120.150.218.241:995
92.154.9.41:2222
1.161.121.58:443
209.197.176.40:995
103.230.180.119:443
173.21.10.71:2222
96.37.113.36:993
190.73.3.148:2222
76.69.155.202:2222
96.29.208.97:443
74.15.2.252:2222
76.70.9.169:2222
39.52.126.9:995
75.113.214.234:2222
86.98.208.214:2222
108.60.213.141:443
75.99.168.194:443
121.74.167.191:995
103.139.243.207:990
38.70.253.226:2222
102.140.71.16:443
203.122.46.130:443
45.46.53.140:2222
73.151.236.31:443
101.50.103.193:995
63.143.92.99:995
71.74.12.34:443
191.99.191.28:443
76.169.147.192:32103
187.250.114.15:443
181.62.0.59:443
72.12.115.90:22
201.145.189.252:443
102.182.232.3:995
189.178.217.247:22
72.252.201.34:995
72.76.94.99:443
144.136.35.102:2222
190.252.242.69:443
201.211.64.196:2222
207.170.238.231:443
109.12.111.14:443
40.134.246.185:995
100.1.108.246:443
24.55.67.176:443
70.51.134.168:2222
37.34.253.233:443
179.158.105.44:443
187.102.135.142:2222
47.156.191.217:443
72.252.201.34:990
191.17.223.93:32101
31.215.69.127:443
93.48.80.198:995
143.0.34.185:443
196.203.37.215:80
191.112.29.181:443
41.230.62.211:993
82.152.39.39:443
31.48.166.122:2078
41.107.230.119:443
90.120.65.153:2078
140.0.161.213:2222
85.246.82.244:443
86.195.158.178:2222
189.135.97.234:443
37.210.238.79:61202
5.95.58.211:2087
105.226.83.196:995
103.107.113.120:443
80.11.74.81:2222
41.38.167.179:995
120.61.1.87:443
78.161.215.162:443
109.228.220.196:443
39.49.33.60:995
31.56.252.29:32103
102.159.243.153:443
45.241.214.192:995
42.235.146.7:2222
83.110.157.57:2222
197.162.118.178:993
-
salt
jHxastDcds)oMc=jvh7wdUhxcsdt2
Targets
-
-
Target
2d9a718e60238a696d4616ef279c0a99a05d1fbb2efaded26db1f0c3ba5acde6.dll.exe
-
Size
13.5MB
-
MD5
a46c696d1afb964a9dc8b838e8978bd2
-
SHA1
edc5ee2ebb8a7f7563a102ce5ee35c5c50276cc6
-
SHA256
2d9a718e60238a696d4616ef279c0a99a05d1fbb2efaded26db1f0c3ba5acde6
-
SHA512
1f2247b49c8e3142bd6d92e5faefd14467de584ccff6d6424d57b1c7974151b7cdc0fb47617077fc2e7cf99d7405785e2d321cbd5a316f2a2f11b3a64328f895
-
SSDEEP
49152:LfNqvX0brf57E7CMelJadKe3fUZ5TwEktnXhCLfmP+JhkCXfHz:sv03xQCM/82fUZWXRhqfmP+Jhkkz
-
Process spawned unexpected child process
This typically indicates that the parent process was compromised, for example through an exploit or a malicious document macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-