API tools faq
paste
Advertisement
malware_traffic

2020-04-23 - URLs/hashes for Qakbot (Qbot) spx103 files

malware_traffic
Apr 23rd, 2020
9,553
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 5.87 KB | None | 0 0
raw download clone embed print report
  1. 2020-04-23 (THURSDAY) - URLS/HASHES FOR QAKBOT (QBOT) SPX103, THE "/docs_[3 characters]/" WAVE
  2.  
  3. URLS FOR THE INITIAL ZIP ARCHIVES:
  4.  
  5. - hxxp://beta[.]vaspotrcko[.]rs/docs_01g/21744971/Judgement_04222020_21744971.zip
  6. - hxxp://beta[.]vaspotrcko[.]rs/docs_01g/Judgement_04222020_8695470.zip
  7. - hxxp://bgszone[.]ga/docs_e48/6292603/Judgement_04222020_6292603.zip
  8. - hxxp://bgszone[.]ga/docs_e48/Judgement_04222020_09992.zip
  9. - hxxp://bgszone[.]ga/docs_e48/Judgement_04222020_3842913.zip
  10. - hxxp://biacayipteknoloji[.]com/docs_h1x/Judgement_04222020_47141554.zip
  11. - hxxp://biacayipteknoloji[.]com/docs_h1x/Judgement_04222020_945063087.zip
  12. - hxxp://www[.]blueleed[.]com/wp-content/plugins/advanced-ads-genesis/docs_try/2391241/Judgement_04222020_2391241.zip
  13. - hxxp://dubook[.]co[.]in/docs_5et/864422649/Judgement_04222020_864422649.zip
  14. - hxxp://far-flower[.]mindsellers[.]ru/wp-content/plugins/apikey/docs_d64/054309/Judgement_04222020_054309.zip
  15. - hxxps://www[.]foxfennecs[.]com/wp-content/themes/calliope/docs_v72/084594017/Judgement_04222020_084594017.zip
  16. - hxxp://hasifria[.]net/wp-content/uploads/2020/04/docs_jsv/Judgement_04222020_65639.zip
  17. - hxxp://hlb[.]ae/docs_q22/Judgement_04222020_69120.zip
  18. - hxxps://jaincakes[.]xyz/docs_1o2/108393672/Judgement_04222020_108393672.zip
  19. - hxxps://jaincakes[.]xyz/docs_1o2/818263/Judgement_04222020_818263.zip
  20. - hxxps://jaincakes[.]xyz/docs_1o2/949025839/Judgement_04222020_949025839.zip
  21. - hxxp://ixlarge[.]net/docs_to2/Judgement_04222020_490035134.zip
  22. - hxxp://kastom[.]pw/docs_jvq/80188/Judgement_04222020_80188.zip
  23. - hxxp://ngoibitumsinhthai[.]com[.]vn/docs_asx/Judgement_04222020_819411.zip
  24. - hxxp://papaw[.]doudou1998[.]com/docs_y59/587518/Judgement_04222020_587518.zip
  25. - hxxp://papaw[.]doudou1998[.]com/docs_y59/Judgement_04222020_883379667.zip
  26. - hxxp://pinangcitygroup[.]asia/wp-content/uploads/2020/04/docs_cgj/704043/Judgement_04222020_704043.zip
  27. - hxxp://pinangcitygroup[.]asia/wp-content/uploads/2020/04/docs_cgj/Judgement_04222020_211032903.zip
  28. - hxxp://pinangcitygroup[.]asia/wp-content/uploads/2020/04/docs_cgj/Judgement_04222020_56507748.zip
  29. - hxxp://playvideo[.]site/docs_8kj/81588387/Judgement_04222020_81588387.zip
  30. - hxxp://playvideo[.]site/docs_8kj/Judgement_04222020_0736741.zip
  31. - hxxps://tepatitlan[.]gob[.]mx/cs/wp-content/themes/calliope/docs_tpm/250122449/Judgement_04222020_250122449.zip
  32. - hxxps://tepatitlan[.]gob[.]mx/cs/wp-content/themes/calliope/docs_tpm/Judgement_04222020_5460712.zip
  33. - hxxps://uvisionpk[.]com/wp/wp-content/themes/calliope/docs_4ru/6004556/Judgement_04222020_6004556.zip
  34. - hxxps://uvisionpk[.]com/wp/wp-content/themes/calliope/docs_4ru/Judgement_04222020_70525.zip
  35.  
  36. URLS FOR THE QAKBOT EXE FILES:
  37.  
  38. - NOTE: These were first noted by @lazyactivist192 on Twitter and posted at https://pastebin.com/7bYzetJF (see the link for more info)
  39. - hxxp://atn24live[.]com/spool/8888.png?uid=[base64 string]
  40. - hxxp://bg142[.]caliphs[.]my/spool/8888.png?uid=[base64 string]
  41. - hxxp://afsholdings[.]com[.]my/spool/8888.png?uid=[base64 string]
  42. - hxxp://alphapioneer[.]com/spool/8888.png?uid=[base64 string]
  43. - hxxp://kbzsa[.]cn/wp-content/plugins/apikey/spool/8888.png?uid=[base64 string]
  44.  
  45. NOTE:
  46.  
  47. - Malware samples below are available at: https://www.malware-traffic-analysis.net/2020/04/23/index.html
  48.  
  49. EXAMPLES OF DOWNLOADED ZIP ARCHIVES:
  50.  
  51. - 3ce476d7ed1f44b6e6ae7181995b03947b607f13795b0c29f1558106ee5c4de3 Judgement_04222020_211032903.zip
  52. - 9c73ad1cb1039e993d9c76758e5d83fd810a37be0149544b368239e7425dd0a0 Judgement_04222020_2391241.zip
  53. - 54e25795ac1a1c4633e1dec3e9b3cfb6051252bac4be4d86507ad36bc63bc9cd Judgement_04222020_3842913.zip
  54. - ad18b077b6f0d19d6e9d693a21c27cef7a9974ede5ac4045b7ec84f6d56af2e4 Judgement_04222020_6004556.zip
  55. - ea0f3e681d4a1313e766a3c452e269e4119050a2cf8678132c568676b7a4f88e Judgement_04222020_6292603.zip
  56. - 827cda6369854771aaed444aed5780da8984d9d294f2fe7d6433ea7e5b2eb7fa Judgement_04222020_704043.zip
  57. - 75e0c0f122bd98f011223e87175f9729e3edd4fd66cacd3656feb233cced8852 Judgement_04222020_80188.zip
  58. - ed2687a6c20abf2e952d9ff522344a39fa25d7d5b3cad84576f05b15c4aeeee0 Judgement_04222020_8695470.zip
  59.  
  60. EXAMPLES OF EXTRACTED VBS FILES:
  61.  
  62. - a9112a8b6cf06710e7d4b60408865787f1d6e31c320e7b497618a0f88e0b92e3 Judgement_04222020_1546.vbs
  63. - 4b6417d713582630160b35658a921cebc37c1d44907d54e99ddd95e1e7d66d2f Judgement_04222020_1741.vbs
  64. - fabd563e131eac4798f612d08fb707a3839632eb763115e5f7ca4d1e24a02dec Judgement_04222020_2166.vbs
  65. - 7822b381dbc01d9625b2a3175fe16334c24e4ca22b337238def6206e08677d39 Judgement_04222020_250.vbs
  66. - 080b0bbff0628df551338a727121424293bcd9dda2864297fe520a283afc4d27 Judgement_04222020_290.vbs
  67. - 0e8c9cb759b247bd9dacddc7190d4b95b99610d077f73b56e62c97fe66b94d94 Judgement_04222020_4074.vbs
  68. - dea0a225cbc95b301ab070815c789fb84ee9611f89d55c8e28a1f8c8e4a5c590 Judgement_04222020_40954.vbs
  69. - ffdbfad447d2363a5827b2df5741845bdfb464b809ac8dc37bc63101f8e5ef6f Judgement_04222020_4853.vbs
  70.  
  71. EXAMPLES OF QAKBOT EXE FILES (ALL 1,950,208 BYTES):
  72.  
  73. - 78d4d6748dd89f7df5677df37d7aabfa459a080ec777edad87e0d9beab2e2c98 C:\Users\[username]\AppData\Local\Temp\PaintHelper.exe
  74. - 6a03748cc1b3aa9d28e1a0968b1f64c7fe63e527e9f047ca4a51855434897e36 C:\Users\[username]\AppData\Local\Temp\PaintHelper.exe
  75. - fcd62eaf45bac0417f7b27791f21c6867e4b77d95a33e52bda0d9f1f846264fa C:\Users\[username]\AppData\Local\Temp\PaintHelper.exe
  76. - 16b82fdf31a59649f5340cabc8a2946b91c7e81c90a1a2e2026f66653043b91d C:\Users\[username]\AppData\Local\Temp\PaintHelper.exe
  77. - 64031f76d624dbdc8a21deff4a4caccbec13138b1232fd77eddaf1e47c5a1302 C:\Users\[username]\AppData\Local\Temp\PaintHelper.exe
  78. - cb108c9977f7cc82b93aed9fbddefdbe356649bd4bfb4ce1f66c0ea8f8ace9d9 C:\Users\[username]\AppData\Local\Temp\PaintHelper.exe
  79. - 4b1889589fb591a56baf1c8f7751e13c856e9219db046acbdcb9b48211267d02 C:\Users\[username]\AppData\Local\Temp\PaintHelper.exe
  80. - 10e8c1693d5ac22b2d7c33235d080d027456e47535053a31b05e698bc07296f1 C:\Users\[username]\AppData\Local\Temp\PaintHelper.exe
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!