Qakbot_BB03_18.10.2022.txt
18.10.2022 | Qakbot | BB03 | Campaign 1666073717 | Version 403.973
*************************************************
.url https://vrecyr.com/eiqu/rtanlacaeeotpi - pw FYN09
.zip 575ae68ec17b7a00ee668f76f64dc5f75390c61eb3976bddc3483d293d211d9b
.iso d2d44f7cc69a2899d1d354eefa4cf1591d622e901bd352cbb7ad2310288e4b29
.dll bcf7164f6f8a9b8c547be09d6c50782bd622876a392cc30235d952e77b9ed638
*************************************************
LNK content:
C:\Windows\System32\cmd.exe /c carcasses\merest.cmd re gs vr
>> Tracker database block
Machine ID: desktop-8f6109c
MAC Address: e0:d4:e8:7c:13:74
MAC Vendor: (Unknown vendor)
Creation: 2022-10-05 14:33:26
Volume Droid: cf15fa5c-89d3-4bdf-844b-9fb891604f9a
Volume Droid Birth: cf15fa5c-89d3-4bdf-844b-9fb891604f9a
File Droid: ac9ceaf9-44ba-11ed-a8be-e0d4e87c1374
File Droid birth: ac9ceaf9-44ba-11ed-a8be-e0d4e87c1374
*************************************************
cmd /c C:\Users\Admin\AppData\Local\Temp\Originals.lnk
"C:\Windows\System32\cmd.exe" /c carcasses\merest.cmd re gs vr
C:\Users\Admin\AppData\Local\Temp\bbc.exe carcasses\shark.des
regsvr32.exe carcasses\shark.des
wermgr.exe
*************************************************
C2s
190.199.99.171:993
41.69.192.245:443
167.58.254.85:443
206.1.172.1:443
5.163.177.234:443
134.35.0.103:443
105.96.221.136:443
41.101.100.7:443
186.177.93.18:2222
78.179.135.247:443
177.205.74.14:2222
102.47.218.41:443
102.156.149.226:443
41.250.48.206:443
41.107.58.251:443
187.198.16.39:443
193.201.187.64:443
41.102.134.89:443
102.159.77.134:995
105.159.49.123:995
197.200.236.69:443
154.247.82.36:443
37.37.80.2:3389
190.11.198.76:443
197.158.87.248:443
186.188.96.197:443
82.12.196.197:443
91.171.72.214:32100
72.88.245.71:443
84.220.94.231:443
151.251.50.117:443
105.154.56.232:995
41.107.116.19:443
159.192.204.135:443
177.152.65.142:443
176.45.35.243:443
104.233.202.195:443
149.126.159.254:443
181.56.171.3:995
200.93.11.28:2222
163.182.177.80:443
72.21.109.1:443
190.193.180.228:443
190.204.112.207:2222
41.97.56.102:443
206.1.208.223:2087
41.251.219.50:443
105.111.141.73:443
190.39.218.17:443
190.100.149.122:995
196.64.70.216:443
196.89.213.40:995
181.168.145.94:443
187.101.200.186:995
41.105.245.174:443
179.25.144.177:995
94.52.127.44:443
186.18.210.16:443
102.158.215.180:443
78.183.238.79:443
197.1.50.150:443
42.189.32.186:80
14.54.83.15:443
71.239.12.136:443
112.70.141.221:443
37.245.136.135:2222
88.232.10.69:443
41.98.250.65:443
82.205.9.34:443
196.64.239.75:443
37.8.68.1:443
197.1.248.244:443
197.2.139.7:443
79.45.134.162:22
182.183.211.163:995
154.246.14.94:443
144.86.17.168:443
182.185.29.69:995
160.177.47.116:6881
181.197.41.173:443
160.248.194.147:443
85.109.221.97:443
125.25.77.249:995
125.26.173.215:443
197.10.195.7:443
45.160.33.163:443
202.170.206.61:995
96.9.66.118:995
132.251.244.227:443
113.188.13.246:443
78.181.39.116:443
1.53.101.75:443
31.201.40.194:443
197.116.178.224:443
79.155.159.177:443
181.188.164.123:443
156.221.50.226:995
41.251.15.7:990
45.240.140.233:995
189.243.187.76:443