General
-
Target
httpd.exe
-
Size
436KB
-
Sample
210929-pv4rysfbbq
-
MD5
5ee75a7c68bfc3a8afcab5b7bc972c49
-
SHA1
ac6c61b6ed9ba2690ed8c1d4f7263be99781c0a0
-
SHA256
5143bfde3fa1b95407cf4ec97bbfea72554188ad7b866e41f0ef09fa43a2bb98
-
SHA512
576abfa0d54ec1c8a26ebe364716fd64579e07942ffb9dd9a325460f53b1e33833fda2b24de4a11ab2dbef9ba9cc5fcbd9a5449b280d052ed36b66190f6faff0
Static task
static1
Behavioral task
behavioral1
Sample
httpd.exe.dll
Resource
win7-en-20210920
Malware Config
Extracted
qakbot
402.363
tr
1632817399
105.198.236.99:443
140.82.49.12:443
37.210.152.224:995
89.101.97.139:443
81.241.252.59:2078
27.223.92.142:995
81.250.153.227:2222
73.151.236.31:443
47.22.148.6:443
122.11.220.212:2222
120.151.47.189:443
199.27.127.129:443
216.201.162.158:443
136.232.34.70:443
76.25.142.196:443
181.118.183.94:443
120.150.218.241:995
185.250.148.74:443
95.77.223.148:443
75.66.88.33:443
45.46.53.140:2222
173.25.166.81:443
103.148.120.144:443
173.21.10.71:2222
186.18.205.199:995
71.74.12.34:443
67.165.206.193:993
47.40.196.233:2222
68.204.7.158:443
24.229.150.54:995
109.12.111.14:443
177.130.82.197:2222
72.252.201.69:443
24.55.112.61:443
24.139.72.117:443
187.156.138.172:443
71.80.168.245:443
105.157.55.133:995
82.77.137.101:995
173.234.155.233:443
75.188.35.168:443
5.238.149.235:61202
73.77.87.137:443
182.176.112.182:443
96.37.113.36:993
162.244.227.34:443
92.59.35.196:2222
196.218.227.241:995
68.207.102.78:443
2.188.27.77:443
189.210.115.207:443
181.163.96.53:443
75.107.26.196:465
185.250.148.74:2222
68.186.192.69:443
Targets
-
-
Target
httpd.exe
-
Size
436KB
-
MD5
5ee75a7c68bfc3a8afcab5b7bc972c49
-
SHA1
ac6c61b6ed9ba2690ed8c1d4f7263be99781c0a0
-
SHA256
5143bfde3fa1b95407cf4ec97bbfea72554188ad7b866e41f0ef09fa43a2bb98
-
SHA512
576abfa0d54ec1c8a26ebe364716fd64579e07942ffb9dd9a325460f53b1e33833fda2b24de4a11ab2dbef9ba9cc5fcbd9a5449b280d052ed36b66190f6faff0
-
Loads dropped DLL
-