Overview: score 10
Static: static

Per-task scores (sample, environment: score)
  Postcards.lnk, windows7-x64: 3
  Postcards.lnk, windows10-2004-x64: 3
  plaid/croaks.dll, windows7-x64: 10
  plaid/croaks.dll, windows10-2004-x64: 10
  plaid/disb...hip.js, windows7-x64: 3
  plaid/disb...hip.js, windows10-2004-x64: 3
  plaid/flou...es.cmd, windows7-x64: 1
  plaid/flou...es.cmd, windows10-2004-x64: 1

General
  Target: Postcard#2542.iso
  Size: 910KB
  Sample: 220930-mpdmgadcf9
  MD5: f9552781ddf9912e504dea3924d95c29
  SHA1: d26d342727c05253ff74d772bb742e9884f953ad
  SHA256: 765238af5901e400e41bd70e0f67e772f77ef290caf6bdf448bda970ebe62dfd
  SHA512: cf16aa0478b4aebb8a9983377576a36d4a992c4bf1e36e84e7c356756b70ac4cfa82bd8a2d100bda2740584fc4fa9ed15d882094cb5ad3a84addf61b17f1040d
  SSDEEP: 12288:+gzbVZi2QWig2MHuNyRncmIETn8cxvOBOYHHbwBOcIOrDgHHH:hzggrz6mJTnR+HHbwhDgHHH
Tasks
  Static task: static1
  Behavioral task: behavioral1
    Sample: Postcards.lnk
    Resource: win7-20220812-en
  Behavioral task: behavioral2
    Sample: Postcards.lnk
    Resource: win10v2004-20220812-en
  Behavioral task: behavioral3
    Sample: plaid/croaks.dll
    Resource: win7-20220812-en
  Behavioral task: behavioral4
    Sample: plaid/croaks.dll
    Resource: win10v2004-20220812-en
  Behavioral task: behavioral5
    Sample: plaid/disbarredJudgeship.js
    Resource: win7-20220812-en
  Behavioral task: behavioral6
    Sample: plaid/disbarredJudgeship.js
    Resource: win10v2004-20220812-en
  Behavioral task: behavioral7
    Sample: plaid/flounderingCores.cmd
    Resource: win7-20220812-en
  Behavioral task: behavioral8
    Sample: plaid/flounderingCores.cmd
    Resource: win10v2004-20220812-en
Malware Config
  Extracted family: qakbot
  Version: 403.895
  Botnet: BB
  Campaign: 1664437404
  C2 addresses:
    113.180.55.111:443
    58.186.75.42:443
    105.184.56.118:995
    196.206.133.114:995
    80.253.189.55:443
    193.3.19.137:443
    41.104.80.233:443
    49.205.197.13:443
    186.81.122.168:443
    216.238.83.82:443
    216.238.83.82:995
    39.44.5.104:995
    196.207.146.151:443
    216.238.108.61:995
    139.84.167.18:995
    139.84.167.18:443
    216.238.108.61:443
    149.28.38.16:995
    134.35.12.30:443
    131.100.40.13:995
    102.189.184.12:995
    103.173.121.17:443
    102.190.190.242:995
    85.86.242.245:443
    73.252.27.208:995
    41.99.57.148:443
    197.120.66.183:995
    186.90.144.235:2222
    197.49.45.244:995
    186.50.137.148:995
    181.177.156.209:443
    177.45.78.52:993
    86.196.181.62:2222
    197.203.50.195:443
    89.187.169.77:443
  salt: SoNuce]ugdiB3c[doMuce2s81*uXmcvP
Targets
  Target: Postcards.lnk
    Size: 1KB
    MD5: 1d4df8edae1edefb8c15e76fca459b70
    SHA1: fe07303014ce86cb5769ba8c2b402fb9c859b5a2
    SHA256: ec64aa131d20e762fdc61055121c872e96fd163aa40c6f477255f01a256f9b20
    SHA512: b07fc3beef7a84c37de1b7ce8302778d49df89d86f421218a5b6ea086e5d8faa8d687240b0bff3d1106d1e6287e92fd7a3277315b34d436d46c98a469897c80c
    Score: 3/10

  Target: plaid/croaks.db
    Size: 594KB
    MD5: 3dc3f269b9a89b2d7ea8249d4644a900
    SHA1: b9075c67730f2a0d3b65f07663f300cfaff19011
    SHA256: af1692ced38f5fda305b35be66774822900a0b9617102db4b3da5f7c97f70e3e
    SHA512: f1377d49c9ff7dde7bd138d38a097612298f4215aa8461b9e0fe748c238de577e8f4eb134428300961b1618e018c2e8c0128923f3e8f6cb8fd93738fb264ef89
    SSDEEP: 6144:sEUrgznbtvSaoyH0+iN4QDClgg9Q6STFOPHuC0AO+jZrR:CgzbVZi2QWig2MHuNyR

  Target: plaid/disbarredJudgeship.js
    Size: 229B
    MD5: 0c5fffec1e8aa036ac664972ee2a5e19
    SHA1: 9e6ec90dba8066ee9e4d4338cde2db395447b513
    SHA256: 15587d750be6981b98f00df933f19a7b02e221c0f5d38d8fcc75f9d83e15c22b
    SHA512: 167b0fa6d8485c11c0e233d73a02043495a1e5786b37235fafb8c5aec995c3e4cc1fb6c499786298ece1585eb3ab9090322c65e150aee0f0c70cab05490b8543
    Score: 3/10

  Target: plaid/flounderingCores.cmd
    Size: 111B
    MD5: e284b60daf806c0709445f11c49f294e
    SHA1: 7df8df799bebc07a638aff231ab2f00482add291
    SHA256: 8b95f14a04e8337f3c0d9c8b84b5cbab66e8ed71b3bb24277b72bec64fd8cf66
    SHA512: fc1f873041282d6d80e688743fdfd4ae6f2fd33f98f9f8263676109d455c6f34762ee5c6ff627a5111a58c1f1ca6c1749da5ab8fda447c347aa2ec2ca49934f2
    Score: 1/10