Qakbot_BB_22.09.2022.txt

22.09.2022 | Qakbot | bb | Campaign 1663698873 | Version 403.895

*************************************************

.url https://k9secure.net/mdi/tiiunmeoqarnmaucs - pw K317
.zip a6e65142f62d40f6d619e569e8498b631e92d07351fdfa61c9b13cdd5d4f6b37
.iso 4367ef10c26ce4b66be5a31f39529d7eb0a167da0321be894e43d4ed577385cf
.dll 5e5c55c133d644de044f5bcb782b618fd188a1c6ca707298815ab23295fb43c1

*************************************************

lnk content

C:\breezily\streakingTarrying.js

*************************************************

cmd /c C:\Users\Admin\AppData\Local\Temp\Insurance.lnk

wscript.exe C:\Users\Admin\AppData\Local\Temp\breezily\streakingTarrying.js

cmd /c "C:\Users\Admin\AppData\Local\Temp\breezily\reaganAsquith.cmd"

regsvr32 /s C:\Users\Admin\AppData\Local\Temp\breezily\torpors.dll

wermgr.exe

*************************************************

c2's

173.218.180.91:443
134.35.13.43:443
197.94.84.128:443
70.51.132.197:2222
181.118.183.123:443
189.19.189.222:32101
41.111.1.60:995
70.49.33.200:2222
99.232.140.205:2222
139.228.33.176:2222
193.3.19.37:443
41.99.57.155:443
177.255.14.99:995
31.54.39.153:2078
191.97.234.238:995
105.159.30.48:443
217.165.146.41:993
119.82.111.158:443
66.181.164.43:443
88.245.168.200:2222
110.4.255.247:443
89.211.217.38:995
64.207.215.69:443
109.155.5.164:993
190.44.40.48:995
187.205.222.100:443
76.169.76.44:2222
72.88.245.71:443
197.204.243.167:443
68.53.110.74:995
41.69.103.179:995
68.224.229.42:443
100.1.5.250:995
194.166.205.204:995
88.232.207.24:443
14.183.63.12:443
89.211.223.138:2222
85.98.206.165:995
191.254.74.89:32101
72.66.96.129:995
176.42.245.2:995
186.154.92.181:443
88.231.221.198:995
102.38.97.229:995
45.51.148.111:993
87.243.113.104:995
84.38.133.191:443
123.240.131.1:443
180.180.131.95:443
191.84.204.214:995