Qakbot_BB07_22.11.2022.txt
22.11.2022 | Qakbot | BB07 | Campaign 1669024152 | Version 404.30
*************************************************
.url https://imutaxsolution.com/tp/index.php?qbot.zip
.zip f64e61c7e08bb909b67afe3e90b194ee53b286a5bd0cf8d7843e2c34e46fc3a8
.iso f90681a3c5525abdc8c0c0ec190f001ac79786c72fc23d5cf2b6ba8e6579a538 pw = VX21
.js 38cc60d96d146e02f46fe3102ecc61111b2e06258c0a1d8a44989d19e71be06b
.dll 085f0f3f25b1328d153a7c56125e1d8a4d43bc882fe3f250d742ea5247850c02
*************************************************
Code Signing Certificate
Organisation: FISH ACCOUNTING & TRANSLATING LIMITED
Issuer: Sectigo Public Code Signing CA R36
Algorithm: sha384WithRSAEncryption
Valid from: 2022-10-26T00:00:00Z
Valid to: 2023-10-26T23:59:59Z
Serial number: 626735ed30e50e3e0553986d806bfc54
Thumbprint Algorithm: SHA256
Thumbprint: a1488004ec967faf6c66f55440bbde0de47065490f7c758f3ca1315bb0ef3b97
Source: This information was brought to you by ReversingLabs A1000 Malware Analysis Platform
*************************************************
Exec >
wscript.exe C:\Users\Admin\AppData\Local\Temp\XS.vbs
regsvr32.exe gray\\hindmost.temp
wermgr.exe
*************************************************
C2s