General
-
Target
7494dfce601f88205487e074f43c93a5bd8344be421a35d7f9c510e5fb08778b_0a64c3b18f10fa85be3a7e18029d30af1f3cecacc7d20976b1701527e315bcc1.exe
-
Size
521KB
-
Sample
240822-gexdyavbml
-
MD5
4f8f818e636f157d640c8e003630d311
-
SHA1
2834f4726770237327355e6427fbde23eb4465e1
-
SHA256
0a64c3b18f10fa85be3a7e18029d30af1f3cecacc7d20976b1701527e315bcc1
-
SHA512
60c590a35e43453f4d5d062ea14c736f2fbf380cc343411566131441f0b45530fa71d6456007f870a479a60d941a9b56eac48737817d91dd905a2e6a17a49546
-
SSDEEP
6144:53iGEtpvg9pe3oUADfamC9EGqswger75gYK9KRCv/qn8TW:53mgLbtvswgK75b0o6Snj
Behavioral task
behavioral1
Sample
7494dfce601f88205487e074f43c93a5bd8344be421a35d7f9c510e5fb08778b_0a64c3b18f10fa85be3a7e18029d30af1f3.exe
Resource
win7-20240705-en
Malware Config
Extracted
qakbot
324.142
spx131
1591077865
Targets
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-