qakbot | 271b603ea3385658714d6ce69e5f663b932b742392153f3f632925a19b72bffa

Sharing

Copy URL

Twitter E-mail

General

Target

271b603ea3385658714d6ce69e5f663b932b742392153f3f632925a19b72bffa
Size

228KB
MD5

8fe06adffced2001f76916c80d9db76e
SHA1

737b85b1567098cbc3a218ed99d55752fe142ac1
SHA256

271b603ea3385658714d6ce69e5f663b932b742392153f3f632925a19b72bffa
SHA512

05a050728192859ed9c9aca4d2668cb40bfc215cb1247994e9deb373c38ba73dc1ca28e2e2996d2db397616c4e85c51834d0218388b73563c7fa4b4194c59c95
SSDEEP

6144:+7Q6pK7WhK7KIQWDNSqT/YvF2TBdtjwsLOabS:+rpKiK7KLE3gvF2Tbtj57

Score

10^/10

notset 1618398961 qakbot

Malware Config

Extracted

Family

qakbot

Version

402.12

Botnet

notset

Campaign

1618398961

47.196.192.184:443

216.201.162.158:443

136.232.34.70:443

71.41.184.10:3389

140.82.49.12:443

45.63.107.192:2222

45.63.107.192:443

149.28.98.196:443

45.32.211.207:443

144.202.38.185:443

45.77.115.208:2222

45.77.115.208:8443

207.246.116.237:995

45.77.117.108:443

149.28.99.97:443

149.28.99.97:995

149.28.98.196:995

45.32.211.207:995

45.32.211.207:2222

149.28.98.196:2222

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Signatures

Qakbot family
qakbot

Files

271b603ea3385658714d6ce69e5f663b932b742392153f3f632925a19b72bffa
.dll regsvr32 windows x86

182b61d2f1c5c52273fb34b2bc366785

Code Sign

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

Arc
CancelDC
CreateEnhMetaFileA
BitBlt
ArcTo

psapi

GetModuleFileNameExW

user32

GetSystemMetrics
DefWindowProcA
CreateWindowExA
CharUpperBuffW
GetProcessWindowStation
MessageBoxA
UnregisterClassA
RegisterClassExA
DestroyWindow
CharUpperBuffA
GetUserObjectInformationW

kernel32

GetDriveTypeW
TerminateThread
GetModuleFileNameW
GetModuleHandleA
CreateDirectoryW
MoveFileW
lstrcmpA
lstrcpynA
GetCurrentProcess
GetCurrentThread
CreateMutexA
DuplicateHandle
lstrcatA
CopyFileW
lstrcatW
DeleteFileW
lstrcpyW
HeapAlloc
DisconnectNamedPipe
HeapCreate
FreeLibrary
LoadLibraryW
GetExitCodeProcess
CreatePipe
GetSystemTimeAsFileTime
SetLastError
lstrcmpiA
GetProcAddress
LoadLibraryA
LocalAlloc
WideCharToMultiByte
GetTickCount
GetSystemInfo
GetVersionExA
GetWindowsDirectoryW
FindFirstFileW
FindNextFileW
SetFileAttributesW
SetThreadPriority
FlushFileBuffers
WriteFile
GetStdHandle
GetFileType
GetVersion
GetCurrentProcessId
lstrcmpiW
GetCPInfoExA
GetProcessId
IsValidCodePage
GetLastError
MultiByteToWideChar
lstrcpynW
SwitchToThread
InterlockedIncrement
HeapFree

advapi32

GetTokenInformation
RegDeleteValueW
RegEnumValueW
RegOpenKeyExW
ConvertSidToStringSidW
RegLoadKeyW
GetSidSubAuthorityCount
OpenThreadToken
LookupAccountNameW
ReportEventA
DeregisterEventSource
RegisterEventSourceA
RegDeleteValueA
RegSetValueExW
RegQueryValueExW
GetSecurityDescriptorSacl
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetSidSubAuthority
OpenProcessToken
IsTextUnicode
RegQueryInfoKeyW

ole32

CoInitializeSecurity
CoSetProxyBlanket
CoCreateInstance
CoInitializeEx

oleaut32

SafeArrayGetElement
SysAllocString
SafeArrayGetUBound
SysFreeString
SafeArrayGetLBound
SafeArrayDestroy
VariantClear

msvcrt

_HUGE
realloc
atol
memset
_vsnwprintf
free
strncpy
raise
_exit
wcsstr
memcpy
localeconv
memmove
strchr
_vsnprintf
qsort
strtod
malloc
_strtoi64
_errno
memchr
_snprintf
_time64

ws2_32

inet_ntoa

userenv

GetUserProfileDirectoryW

Exports

Exports

DllRegisterServer

Sections

.text
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

182b61d2f1c5c52273fb34b2bc366785

Code Sign

Headers

File Characteristics

Imports

gdi32

psapi

user32

kernel32

advapi32

ole32

oleaut32

msvcrt

ws2_32

userenv

Exports

Exports

Sections

.text Size: 124KB - Virtual size: 124KB

.rdata Size: 80KB - Virtual size: 80KB

.data Size: 8KB - Virtual size: 8KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 124KB - Virtual size: 124KB

.rdata
Size: 80KB - Virtual size: 80KB

.data
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 8KB - Virtual size: 8KB