MalwareQuinn

Qakbot_06_12_2020

Jun 12th, 2020
Qakbot spx139 spun up around 14:24 UTC.

It looks like it's distroing zloader -> Qakbot again; also, the vbs directly drops zloader after a period of time.

vbs name: ATTN_54585_06112020.vbs

zloader C2s:
https://xeemoquo.top/treusparq.php
https://leeephee.top/treusparq.php
https://withifceale.top/treusparq.php
https://wpsnoum.pw/treusparq.php
https://wsaexdig.pw/treusparq.php

Qakbot Download: http://cccommercialcleaning.com.au/wp-content/themes/twentyfifteen/1/spx139/*.exe (probably dasfdsfsdf.exe)

Qakbot IPs:

Mirror: https://ghostbin.co/paste/ywhs4