General
Target: jphxaul.exe
Size: 660KB
Sample: 191111-jzlt6rkwlj
MD5: e7de0cc04f0a433fce5336b7c7504d2c
SHA1: ff44818af235da435f601532acd29043b6a37ab0
SHA256: e736cf964b998e582fd2c191a0c9865814b632a315435f80798dd2a239a5e5f5
SHA512: 43b273a7570d6f0a9dc328913e330a16ec64d1768736d93fee21824050a2f3feac5f64e99601543cf31d03e13784d0acb5ddec0bd063a3c870a4cb130cb54442
Task: task1
Sample: jphxaul.exe
Resource: win7v191014
Malware Config
Extracted
qakbot
spx22
1571043018
Targets
Qakbot persistence
Executes dropped EXE
Loads dropped DLL
Adds Run entry to start application