General
-
Target
ef29e3458223c9b4cdfc03b3b9c228e517a26f3e7ea34d910d49c5e7cb7296ad.bin
-
Size
366KB
-
Sample
201211-dkqvn9syrn
-
MD5
2aa5cdc57ea42fbff771e911eb6137be
-
SHA1
8ff401f3fa88ea6978ad0ba955c5ba08892138e7
-
SHA256
ef29e3458223c9b4cdfc03b3b9c228e517a26f3e7ea34d910d49c5e7cb7296ad
-
SHA512
bf5b1a8e0a0371c1fd237b4c04331831651ccab1e685943fa392620bcd08ed832cad614f2bf27481cb2618e287a9d9a4d8ee2b462bff5bd76d5e42594a1943d3
Static task
static1
Behavioral task
behavioral1
Sample
ef29e3458223c9b4cdfc03b3b9c228e517a26f3e7ea34d910d49c5e7cb7296ad.bin.dll
Resource
win7v20201028
Malware Config
Extracted
qakbot
tr02
1606748059
Targets
-
-
ServiceHost packer
Detects ServiceHost packer used for .NET malware
-
Loads dropped DLL
-