General
-
Target
230501-ncevfaapjs_pw_infected.zip
-
Size
267KB
-
Sample
230504-mr6q2abg42
-
MD5
cad74f42ef76ffab8e0e13b9fcc010ca
-
SHA1
7b65635e26874fe6ced6a36ba1b14191de7fa1db
-
SHA256
44d9e8a18f0444fc2604d413b91c441ea64501ccbc9e5e941c08a7dd736bc6f1
-
SHA512
95ab77eae66a7b1805290ad5d170fe88d6ecd984a355442b7fcef1777c639d4c63c81c0463e38fab835eaff79982846f6ffc07424e4c47901f2d59d81427b027
-
SSDEEP
6144:M/ICWRylPi6MT+hYZElZf5xTBKHIKmoq2+1HbJ3LOE7iAJ:MgdiPi6MiYZa9Ku28tiNAJ
Static task
static1
Behavioral task
behavioral1
Sample
akujulaheq1znfv.dll
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
akujulaheq1znfv.dll
Resource
win10v2004-20230220-en
Behavioral task
behavioral3
Sample
run.bat
Resource
win7-20230220-en
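Malware Config
Extracted
Family: qakbot
Version: 404.1026
Botnet: obama256
Campaign: 1682410355 (if read as a Unix epoch timestamp: 2023-04-25 08:12:35 UTC)
C2 (IP:port pairs from the extracted configuration; they reflect the config at extraction time, so confirm they are still current before using them for blocking or detection):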
96.56.197.26:2222
151.30.34.144:443
217.165.239.223:443
91.82.4.46:443
151.213.66.34:995
81.111.108.123:443
88.171.156.150:50000
92.149.250.113:2222
92.189.214.236:2222
103.123.223.130:443
67.10.2.240:995
70.112.206.5:443
86.225.214.138:2222
172.248.42.122:443
147.219.4.194:443
24.139.11.137:443
74.92.243.115:50000
198.2.51.242:993
75.98.154.19:443
92.239.81.124:443
92.27.86.48:2222
47.205.25.170:443
76.16.49.134:443
174.118.63.123:443
119.82.121.87:443
70.28.50.223:32100
74.58.71.237:443
14.192.241.76:995
12.172.173.82:2087
76.86.31.59:443
12.172.173.82:995
161.142.98.36:995
91.165.188.74:50000
70.28.50.223:3389
50.68.186.195:443
72.203.216.98:2222
94.207.107.69:443
75.143.236.149:443
31.53.29.207:2222
58.186.75.42:443
75.109.111.89:443
68.173.170.110:8443
105.184.103.214:995
47.21.51.138:443
12.172.173.82:50001
59.28.84.65:443
114.143.176.235:443
73.161.176.218:443
197.94.78.32:443
122.186.210.254:443
50.68.204.71:995
147.147.30.126:2222
27.99.32.26:2222
78.130.215.67:443
2.36.64.159:2078
98.145.23.67:443
85.84.222.49:443
181.4.225.225:443
184.176.35.223:2222
58.162.223.233:443
67.61.61.31:443
96.87.28.170:2222
12.172.173.82:21
91.169.12.198:32100
50.68.204.71:443
70.26.75.148:2222
49.245.95.124:2222
176.142.207.63:443
12.172.173.82:993
79.77.142.22:2222
202.186.177.220:443
92.186.69.229:2222
50.68.204.71:993
70.28.50.223:2078
70.28.50.223:2087
78.192.109.105:2222
123.3.240.16:995
86.45.66.141:2222
64.121.161.102:443
184.182.66.109:443
103.140.174.20:2222
69.242.31.249:443
181.118.183.109:443
49.175.72.99:443
84.215.202.8:443
86.130.9.135:2222
92.9.45.20:2222
200.90.68.166:2222
94.200.183.66:2222
183.87.163.165:443
125.99.76.102:443
109.149.148.20:2222
187.199.153.185:32103
95.60.243.19:995
35.143.97.145:995
124.149.143.189:2222
70.28.50.223:2083
2.82.8.80:443
213.91.235.146:443
104.35.24.154:443
12.172.173.82:32101
174.4.89.3:443
47.34.30.133:443
71.38.155.217:443
109.153.252.176:2222
173.18.122.24:443
70.28.50.223:1194
72.205.104.134:443
86.171.131.244:995
102.159.219.132:443
76.170.252.153:995
72.134.124.16:443
81.229.117.95:2222
201.244.108.183:995
47.199.241.39:443
91.35.212.133:995
12.172.173.82:22
12.172.173.82:20
184.153.132.82:443
-
salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP
Targets
-
-
Target
akujulaheq1znfv.dat
-
Size
484KB
-
MD5
6725bb4f61228f18b17670b049efbd8c
-
SHA1
60e5654c97b7a824b7b9d99094f5ed6f1ff7eb37
-
SHA256
8a0e07b73dfb57c9ef67ea9dc15c2e6c00c88af5bdb44ecf5c4996373b2c4903
-
SHA512
73e7b72a6b6360a5f25d5e2812aef209bc7b18d3397fc4d1b34de12f316afd3671d27afe14be6728e81d4ea8bfac0e647925d98a79cc4daa44649890bf32e074
-
SSDEEP
12288:PktrSicS34lshdebVXcqf8FJfDIHx8osKFlGE:MtrSFS3D0xjf8FJbA8osKFP
-
-
-
Target
run.bat
-
Size
48B
-
MD5
f8a11212caf7bb0b678009099edb77ba
-
SHA1
a3caedf69f3a72490b5d519e61b44810576501ef
-
SHA256
8354444c2731226b88ba03e35784862e591249a5cb14a27c31fc0cb3aed89275
-
SHA512
dadd00a61185265187a7ecf3a792b7764f69d2e8fa3d9ded31d6f5d721228213b57ed57d98853e59428bcefa001a0942295eb596b79b14264f5101419be64a0b
-