API tools faq
paste
Advertisement
malware_traffic

2020-10-05 (Monday) - Qakbot (Qbot) abc013

malware_traffic
Oct 5th, 2020
9,010
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 3.91 KB | None | 0 0
raw download clone embed print report
  1. 2020-10-05 (MONDAY) - QAKBOT (QBOT) ABC013
  2.  
  3. 28 EXAMPLES OF SPREADSHEETS WITH MACROS FOR QAKBOT:
  4.  
  5. - cc04a065d3ae43bc9c5ae1ef922f2a2ee40141116ed731dec89d4603e9b7dfb5 Complaint_1125260933_10022020.xls
  6. - 7c201b2eace7d299b8e0be3744a03a2315c35590d9487cf25da2ec10052a4cea Complaint_1244973267_10022020.xls
  7. - 1dd07f2f89be8a605e2b783eea13a91d23f14c510404ff014dac7860331f56f5 Complaint_1276210258_10022020.xls
  8. - 53b7be48b3886be058b858a2ceb3eff039dd2c830341355c0b81e922fd0479fc Complaint_1295673377_10022020.xls
  9. - 63a42827948d56d8c88f5503c55134b3a12da731136c15b597f38bbf4d73d3d1 Complaint_1310637585_10022020.xls
  10. - e0c94218d05a0fd172302f96c2cf9928ac2fee92438384d731704a7c3985b699 Complaint_151927265_10022020.xls
  11. - 5940110a5d84bec9b9406f4e1ebd504f7066d52fef3dbd150d46bc1405acf360 Complaint_1627961313_10022020.xls
  12. - 3a2422d37ba7fc27aecfce25788c3b8e37cd4ddc3f27b1660a6f19a8ec490a82 Complaint_184842229_10022020.xls
  13. - d50666006c4862cd342ccebb461c58197558a47d90034df0618458e89dafddf5 Complaint_1849966644_10022020.xls
  14. - 088e5191e35593430dd9da472b8f0a6646de0331afc12d67fd4af47aab3db975 Complaint_1865379412_10022020.xls
  15. - e2f26f754ef6a3c102bfe1af0f8a05cac1933ae1e53da554953b6c5e6ba8319f Complaint_19031468_10022020.xls
  16. - f1710c976fbe307a4ee5c4c8f231fa1a34a43bcf6706c2834eb17593abd21175 Complaint_1993065118_10022020.xls
  17. - 690cd1e3ce9997f9f5a963f9ab406b9eb473e6b6e269afec98d3bba5703083f6 Complaint_2013002976_10022020.xls
  18. - c6dbaf03feec9510b195b64412d8dc7e82ccd13eaec80b249ed83bfc873bc980 Complaint_2034953111_10022020.xls
  19. - 9bd29f08c5ce3cfe92f69b7cd12b79a3235578a29de34071704230245f5d21ec Complaint_2132347089_10022020.xls
  20. - baec26490dbe9ee850c170df5b3a38437535e20e4c717ae745fdb29e9e10917c Complaint_230839748_10022020.xls
  21. - 874d2d7cd1f55def172c72c9f9ef722e11add157bd2f359d12ce4caa3f42b2a8 Complaint_405146175_10022020.xls
  22. - 295d8e35faf699df803bc53cee0b49995aef4c020f98c31de22357c78dcba339 Complaint_462221507_10022020.xls
  23. - 47f5276c6c3c64bc2df7b2df4c61d13f90373891629eeef061a17c8365f660e2 Complaint_515719044_10022020.xls
  24. - e7e1808ac28dafd379f0ad5569f0f7bf88e4c925ffb4008b7d2a1e6d7de92385 Complaint_52186437_10022020.xls
  25. - bb1148e4a492c602c7c272f866c9d23ea3b80aef89c931953b307ec36b4063c4 Complaint_569607583_10022020.xls
  26. - 4586aa089049610d1eb12597b3a6b86f6dea8dc020b6483c00cbc982cd72ec4a Complaint_619341974_10022020.xls
  27. - 1eeed4ecda0ece6268c5a88ca059aa9e48c711316bcc97fcbcef1d60374fc53a Complaint_644951522_10022020.xls
  28. - d54ff5203e28e297300d05a745360b6dfc7b1074fd1cbb0db70d079265824cb0 Complaint_673893469_10022020.xls
  29. - 0bb7a95195a27d1515951e1446721468e7c60d543eda8a191a1897f2e25de80b Complaint_725598875_10022020.xls
  30. - 37649b95348656dd9e26b72e27866a32ee52a7d9287744e79e4dbf9d802ff3b4 Complaint_747450382_10022020.xls
  31. - ebef7925e6de609220ec1f6cbda77c310fedac693658d9b6a0272f4832770381 Complaint_755406789_10022020.xls
  32. - 4fc7b930915698ed28aa9d5a53c3654ae2f7eca87324f4c1baa4805f1b74fb48 Complaint_873609445_10022020.xls
  33.  
  34. URLS GENERATED BY THE SPREADSHEET MACROS:
  35.  
  36. - hxxp://palacegatepp[.]com/ywlaaopurzci/238428.png
  37. - hxxp://rawatitech[.]com/itcnkk/238428.png
  38. - hxxp://supplynowdent[.]com/ydcvjh/238428.png
  39. - hxxp://www.alliance-oilfield[.]com/mruazksaybp/238428.png
  40.  
  41. SHA256 HASHES FOR INITIAL QAKBOT EXE (ALL 1,017,320 BYTES):
  42.  
  43. - 1d14f161830af09dbdfca9bbfa554cd9724f8af548495866b29bddf8b4d73a31
  44. - 1ba4eff0ed556a21a26581b4a59961e33513f5321e5f0310e6d606d5ec95e99e
  45. - 35b85458c2b654476280aef26c1bde35bbb7a48465a618ae589b9f2e6e305ea8
  46. - 4b96a68d53022f8246c8e798433f266fdafbbc8902a96713e50eb66548ac3c8a
  47. - acacfdd7a0da6ee94b8c1bff2d71bf406d01a422959f23731d63a485acedf982
  48. - b0d5100e6d6af0bff8c9e282989d74930a2878a08410ae27ff2daa96132e3896
  49. - bda34889cc38db9ca6ff923907e9d1081c81cdf53e62ed5c0991ec9a3e74eef0
  50. - da9694c6c6f520b9068714b76a3cfce6f4609072f8777be7efb4e1878a6c4feb
  51. - fdde58beb1ddc17ee64524912a0db54e7b4bf2ae57cce64eedb01e56c856f582
  52.  
  53. INITIAL LOCATION OF QAKBOT EXE WHEN FIRST SAVED TO THE VICTIM HOST:
  54.  
  55. - C:\GuKoS\VuMaBiDe\Fikol.exe
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!