API tools faq
paste
Advertisement
malware_traffic

2020-04-20 - URLs/hashes for Qakbot (Qbot) spx100 files

malware_traffic
Apr 20th, 2020
10,051
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 4.14 KB | None | 0 0
raw download clone embed print report
  1. 2020-04-20 (MONDAY) - URLS/HASHES FOR QAKBOT (QBOT) SPX100, THE "/VARY/" WAVE
  2.  
  3. URLS FOR THE INITIAL ZIP ARCHIVES:
  4.  
  5. - hxxps://6686faka[.]com/wp-content/plugins/apikey/vary/12379.zip
  6. - hxxp://194.183.5[.]242/wp-content/uploads/2020/04/vary/72433.zip
  7. - hxxp://194.183.5[.]242/wp-content/uploads/2020/04/vary/835554765.zip
  8. - hxxps://51youqun[.]com/wp-content/plugins/apikey/vary/0292708/0292708.zip
  9. - hxxps://51youqun[.]com/wp-content/plugins/apikey/vary/12210055.zip
  10. - hxxps://51youqun[.]com/wp-content/plugins/apikey/vary/203113/203113.zip
  11. - hxxp://carnesribhaus[.]com.mx/wp-content/plugins/apikey/vary/3361569/3361569.zip
  12. - hxxp://carnesribhaus[.]com.mx/wp-content/plugins/apikey/vary/7908537.zip
  13. - hxxp://carnesribhaus[.]com.mx/wp-includes/vary/53201/53201.zip
  14. - hxxp://cimfl[.]com/wp-content/vary/100516985.zip
  15. - hxxp://cimfl[.]com/wp-content/vary/35442.zip
  16. - hxxps://fazautocare[.]com/wp-content/uploads/2020/04/vary/4160234.zip
  17. - hxxps://fazautocare[.]com/wp-content/uploads/2020/04/vary/66380.zip
  18. - hxxps://gnxpublishers[.]ca/wp-content/uploads/2020/04/vary/009518927/009518927.zip
  19. - hxxps://gnxpublishers[.]ca/wp-content/uploads/2020/04/vary/28506345.zip
  20. - hxxps://gnxpublishers[.]ca/wp-content/uploads/2020/04/vary/91393070/91393070.zip
  21. - hxxp://mehtapublicity[.]in/vary/469187054/469187054.zip
  22. - hxxps://member[.]irfansangjuara[.]com/wp-content/uploads/2020/04/vary/78075.zip
  23. - hxxp://ns-hd[.]co[.]jp/wp-content/uploads/2020/04/vary/63223.zip
  24. - hxxps://optica[.]co[.]in/vary/557650781.zip
  25. - hxxps://roirush[.]com/wp-content/vary/42868205/42868205.zip
  26. - hxxps://salvation24[.]com/vary/78130.zip
  27. - hxxps://salvation24[.]com/wp-admin/vary/324437/324437.zip
  28. - hxxps://salvation24[.]com/wp-admin/vary/26662446/26662446.zip
  29. - hxxps://sdeposito[.]com[.]br/wp-content/uploads/2020/04/vary/078178.zip
  30. - hxxps://smartfield[.]co[.]ke/wp-content/vary/619491/619491.zip
  31. - hxxp://test[.]wax[.]duzzling[.]com[.]tw/vary/62901.zip
  32. - hxxps://villette45[.]com/wp-content/uploads/2020/04/vary/400898538/400898538.zip
  33.  
  34. URLS FOR THE QAKBOT EXE FILES:
  35.  
  36. - NOTE: These were first noted by @lazyactivist192 on Twitter and posted at https://pastebin.com/kRKhdLfM (see the link for more info)
  37. - hxxp://tianmarket[.]shop/wp-content/uploads/2020/04/vary/111111[.]png?uid=[base64 string]
  38. - hxxp://textilesld[.]cluster020[.]hosting[.]ovh[.]net/wp-content/vary/111111[.]png?uid=[base64 string]
  39. - hxxp://phuhaihoang[.]vn/wp-content/uploads/2020/04/vary/111111[.]png?uid=[base64 string]
  40. - hxxp://thecorporatetailors[.]com[.]au/wp-includes/vary/111111[.]png?uid=[base64 string]
  41. - hxxp://b[.]adventh[.]org/2020/02/0218[.]png?uid=[base64 string]
  42.  
  43. EXAMPLES OF DOWNLOADED ZIP ARCHIVES:
  44.  
  45. - 03d707199f7751980976a94de5f920dca0104493b2c8f340077678c294181960 0292708.zip
  46. - 3ab7c35adbb569af22c591360eae79c319b8b3a385179ccf6af3fa981a0a04d1 7908537.zip
  47. - 4d67a790559a00ef8ef1673afc1e6750adc8ff1c3777957407681d1562835f4d 12379.zip
  48. - 80ee8ddf2a3f3b4d9226e8972c10c99e9402d2118cce2f6c5337367e6cedb664 324437.zip
  49. - a74f2bacc4e83cff2953d158281cd5184f1c657af7418adde2edc35d040054fb 835554765.zip
  50.  
  51. EXAMPLES OF EXTRACTED VBS FILES:
  52.  
  53. - 19fbc6fc6981342d8dbc24b39d431a8aae6d1df4c48703889bdd5a7c4b5d3e5a NUM_91391.vbs
  54. - 6dcf9decf31f360f42a421d9bcdfd0f0d41a17b7adb172c51b34f7f1663c816c NUM_65462.vbs
  55. - 6fa1f8ac0aa792ad5bf8b513a95fa4ad23407bdf84f69298689c4edc989e09f9 NUM_93575.vbs
  56. - a6e51333d70fa06a2482ad1551cb3789e0be96b8858838c1fa2c43c4d3f22fde NUM_35452.vbs
  57. - fba468926e82800ef6686958e698013442d6ffddcacb9c049af69b3b259137e2 NUM_61521.vbs
  58.  
  59. EXAMPLES OF QAKBOT EXE FILES (ALL 2,302,976 bytes):
  60.  
  61. - 10557f257f69bebc6fd493321171963bdf469f40bffafdf2e3c538139b3b7df8 C:\Users\[useranme]\AppData\Local\Temp\PaintHelper.exe
  62. - 3b3f3a6020cb54317beffb438574f521cad87f80c7a8ec43a3cbc02bec3dafa4 C:\Users\[useranme]\AppData\Local\Temp\PaintHelper.exe
  63. - 7e803243bc9dd22db1e967903af48b2baf70b68ccf5a5fe40e751d766580cf75 C:\Users\[useranme]\AppData\Local\Temp\PaintHelper.exe
  64. - cfa4d49151458a745e84e8415377ba082221499784c56b67e671011372c73827 C:\Users\[useranme]\AppData\Local\Temp\PaintHelper.exe
  65. - d447bf5ad39d971b7364a06b546a996bf7cc4857f7b9ccecf93303d30aaecdf6 C:\Users\[useranme]\AppData\Local\Temp\PaintHelper.exe
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!