General
-
Target
MEM_02330000_00036000.exe
-
Size
216KB
-
Sample
211107-2cfnmabaf3
-
MD5
58e1c32eeb0130da19625e55ee48cf1e
-
SHA1
00ae1c5066f67e5e71285de99bea8d8b67085743
-
SHA256
f5ff6dbf5206cc2db098b41f5af14303f6dc43e36c5ec02604a50d5cfecf4790
-
SHA512
31ea3186c3c7b77f815e1bc060add4a6c7b3abddf98c5a615a5779472ea46eeacfe256286f8dd741deb29d1d43889f05854462ba621f0f5065cd1e36b61478f2
Static task
static1
Behavioral task
behavioral1
Sample
MEM_02330000_00036000.exe
Resource
win7-en-20211104
Malware Config
Extracted
qakbot
324.142
spx143
1592482956
39.36.254.179:995
24.139.132.70:443
24.202.42.48:2222
72.204.242.138:443
172.242.156.50:995
72.204.242.138:20
68.174.15.223:443
74.193.197.246:443
96.56.237.174:990
64.19.74.29:995
70.168.130.172:443
189.236.166.167:443
68.4.137.211:443
76.187.8.160:443
76.86.57.179:2222
73.226.220.56:443
67.250.184.157:443
75.183.171.155:3389
173.172.205.216:443
173.3.132.17:995
172.78.30.215:443
207.255.161.8:32103
75.137.239.211:443
68.49.120.179:443
206.51.202.106:50003
82.127.193.151:2222
207.255.161.8:2222
207.255.161.8:2087
24.152.219.253:995
187.19.151.218:995
197.37.48.37:993
188.241.243.175:443
72.88.119.131:443
89.137.211.239:443
108.30.125.94:443
187.163.101.137:995
100.19.7.242:443
45.77.164.175:443
80.240.26.178:443
66.208.105.6:443
207.246.75.201:443
199.247.22.145:443
199.247.16.80:443
95.77.223.148:443
68.60.221.169:465
5.107.220.84:2222
41.228.212.22:443
86.233.4.153:2222
68.200.23.189:443
201.146.127.158:443
79.114.199.39:443
87.65.204.240:995
71.74.12.34:443
217.162.149.212:443
195.162.106.93:2222
75.165.112.82:50002
201.248.102.4:2078
96.41.93.96:443
89.247.216.127:443
84.232.238.30:443
103.238.231.40:443
174.34.67.106:2222
98.115.138.61:443
91.125.21.16:2222
84.247.55.190:443
193.248.44.2:2222
74.135.37.79:443
78.96.190.54:443
86.126.97.183:2222
2.50.47.97:2222
68.39.160.40:443
96.232.203.15:443
86.144.150.29:2222
71.220.191.200:443
24.231.54.185:2222
80.14.209.42:2222
24.164.79.147:443
70.183.127.6:995
47.153.115.154:993
184.180.157.203:2222
50.104.68.223:443
67.165.206.193:995
200.113.201.83:993
47.153.115.154:465
24.42.14.241:995
189.160.203.110:443
188.27.76.139:443
207.255.161.8:32102
49.207.105.25:443
71.210.177.4:443
117.242.253.163:443
50.244.112.106:443
69.92.54.95:995
41.34.91.90:995
72.204.242.138:53
41.97.138.74:443
72.29.181.77:2078
71.88.168.176:443
2.50.171.142:443
67.83.54.76:2222
86.125.145.90:2222
47.153.115.154:995
24.122.157.93:443
47.146.169.85:443
72.181.9.163:443
187.155.74.5:443
71.209.187.4:443
74.75.216.202:443
24.44.180.236:2222
24.43.22.220:993
108.188.116.179:443
100.4.173.223:443
76.170.77.99:443
70.95.118.217:443
134.0.196.46:995
68.225.56.31:443
72.204.242.138:32102
72.204.242.138:50001
108.190.151.108:2222
72.204.242.138:465
50.244.112.10:443
173.22.120.11:2222
24.43.22.220:995
24.43.22.220:443
92.17.167.87:2222
72.209.191.27:443
72.204.242.138:80
71.187.170.235:443
96.56.237.174:32103
71.187.7.239:443
184.98.104.7:995
70.124.29.226:443
137.99.224.198:443
73.23.194.75:443
151.205.102.42:443
64.224.76.152:443
72.204.242.138:32100
173.187.101.221:443
72.179.13.59:443
208.93.202.49:443
70.174.3.241:443
96.37.137.42:443
76.111.128.194:443
67.209.195.198:3389
61.3.184.27:443
24.42.14.241:443
74.56.167.31:443
5.193.61.212:2222
117.216.177.171:443
Targets
-
-
Target
MEM_02330000_00036000.exe
-
Size
216KB
-
MD5
58e1c32eeb0130da19625e55ee48cf1e
-
SHA1
00ae1c5066f67e5e71285de99bea8d8b67085743
-
SHA256
f5ff6dbf5206cc2db098b41f5af14303f6dc43e36c5ec02604a50d5cfecf4790
-
SHA512
31ea3186c3c7b77f815e1bc060add4a6c7b3abddf98c5a615a5779472ea46eeacfe256286f8dd741deb29d1d43889f05854462ba621f0f5065cd1e36b61478f2
-
Turns off Windows Defender SpyNet reporting
-
Executes dropped EXE
-
Loads dropped DLL
-