Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
ProjectFunding_450726_Jun01.js
-
Size
1KB
-
Sample
230601-s5bqpsfb38
-
MD5
a657553449746c482dacfe3b19119b7a
-
SHA1
630b815d443f8f7ef7e4c4c7c100de1cd8a7ed53
-
SHA256
44e029dd6210c4906a82e1f16dd5ebed434efd225dafb92fc560e6ff6d1ee948
-
SHA512
dea33536a5c5fe279ca1a8a3d4639be0f49d5ca3c21f4cbbda10c5d059837c2bc4c3917cdbddd0fc9f4a0773f325369b200f0df8e0035da6afab26f09502c321
Static task
static1
Behavioral task
behavioral1
Sample
ProjectFunding_450726_Jun01.js
Resource
win7-20230220-en
Malware Config
Extracted
qakbot
404.1346
obama266
1685611378
24.234.220.88:990
70.28.50.223:2078
96.56.197.26:2083
103.123.223.133:443
83.249.198.100:2222
199.27.66.213:443
90.104.151.37:2222
94.204.202.106:443
72.205.104.134:443
65.95.141.84:2222
82.131.141.209:443
77.126.99.230:443
71.38.155.217:443
205.237.67.69:995
84.215.202.8:443
24.234.220.88:465
76.178.148.107:2222
116.74.163.130:443
70.28.50.223:2087
147.147.30.126:2222
173.88.135.179:443
103.140.174.20:2222
77.86.98.236:443
92.149.250.113:2222
96.87.28.170:2222
86.168.210.41:443
176.142.207.63:443
12.172.173.82:32101
86.132.236.117:443
70.50.83.216:2222
161.142.103.187:995
45.62.70.33:443
12.172.173.82:465
178.175.187.254:443
83.110.223.61:443
105.184.209.194:995
41.186.88.38:443
102.156.10.183:443
27.109.19.90:2078
47.205.25.170:443
12.172.173.82:993
76.170.252.153:995
69.242.31.249:443
24.234.220.88:995
125.99.69.178:443
79.168.224.165:2222
75.143.236.149:443
14.192.241.76:995
124.122.47.148:443
81.229.117.95:2222
98.145.23.67:443
114.143.176.236:443
103.144.201.48:2078
122.186.210.254:443
69.160.121.6:61201
12.172.173.82:21
72.253.126.216:443
75.109.111.89:443
76.86.31.59:443
116.120.145.170:995
12.172.173.82:50001
81.101.185.146:443
201.244.108.183:995
68.203.69.96:443
103.139.242.6:443
103.42.86.42:995
85.61.165.153:2222
76.16.49.134:443
125.99.76.102:443
184.182.66.109:443
70.28.50.223:32100
50.68.204.71:993
85.57.212.13:3389
41.227.190.59:443
70.28.50.223:3389
31.53.29.235:2222
89.79.229.50:443
50.68.186.195:443
47.199.241.39:443
93.147.235.8:443
75.141.227.169:443
45.243.142.31:995
79.92.15.6:443
85.104.105.67:443
89.129.109.27:2222
86.176.83.44:2222
24.234.220.88:993
89.32.156.5:995
12.172.173.82:22
103.101.203.177:443
70.28.50.223:2083
98.187.21.2:443
70.49.205.198:2222
96.56.197.26:2222
92.9.45.20:2222
86.195.14.72:2222
172.115.17.50:443
100.4.163.158:2222
80.12.88.148:2222
213.64.33.92:2222
113.11.92.30:443
78.192.109.105:2222
47.34.30.133:443
122.184.143.86:443
198.2.51.242:993
165.120.169.171:2222
88.126.94.4:50000
82.125.44.236:2222
117.195.17.148:993
147.219.4.194:443
80.167.196.79:443
92.154.17.149:2222
184.181.75.148:443
95.45.50.93:2222
84.35.26.14:995
201.143.215.69:443
12.172.173.82:2087
50.68.204.71:443
64.121.161.102:443
Targets
-
-
Target
ProjectFunding_450726_Jun01.js
-
Size
1KB
-
MD5
a657553449746c482dacfe3b19119b7a
-
SHA1
630b815d443f8f7ef7e4c4c7c100de1cd8a7ed53
-
SHA256
44e029dd6210c4906a82e1f16dd5ebed434efd225dafb92fc560e6ff6d1ee948
-
SHA512
dea33536a5c5fe279ca1a8a3d4639be0f49d5ca3c21f4cbbda10c5d059837c2bc4c3917cdbddd0fc9f4a0773f325369b200f0df8e0035da6afab26f09502c321
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-