Static task: static1
Behavioral task: behavioral1
Sample: 046235b59fbc6d2c4ec3db0ae6ea10cb53d743c678ca9dca8b2a9d30c7fbb393.dll
Resource: win7-en-20211208
Behavioral task: behavioral2
Sample: 046235b59fbc6d2c4ec3db0ae6ea10cb53d743c678ca9dca8b2a9d30c7fbb393.dll
Resource: win10v2004-en-20220113
General
Target: 046235b59fbc6d2c4ec3db0ae6ea10cb53d743c678ca9dca8b2a9d30c7fbb393
Size: 163KB
MD5: a1cc9b5d85c55d1679cee3a11500fc15
SHA1: dcb776035a4f6140d86a8acbac48683035cec701
SHA256: 046235b59fbc6d2c4ec3db0ae6ea10cb53d743c678ca9dca8b2a9d30c7fbb393
SHA512: 12220589d5e0f14c07fed9fdb1e5dd24cd518decc7719faa2b95de664be324204ddf4a3dafaf9d49c4932192c27bff501d02a4a1c65c427eae9d414b203a668a
SSDEEP: 3072:vDdFk278SyhrSVI1vC3ypnh+QIMF8YFhOTBfbUj/QkXk1gYRV:vL31MaYFhOTBzUj9k1g
Malware Config
Extracted
qakbot
325.43
tr01
1602688146
Signatures
-
Qakbot family
Files
-
046235b59fbc6d2c4ec3db0ae6ea10cb53d743c678ca9dca8b2a9d30c7fbb393.dll windows x86
979908ff7396381db74c69ddfba3c475
Code Sign
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
_wcsicmp
_HUGE
localeconv
malloc
free
qsort
_time64
memcpy
memmove
strncpy
memset
strncmp
_vsnwprintf
_vsnprintf
atol
strchr
_snprintf
_strtoi64
_errno
memchr
strtod
psapi
GetModuleFileNameExW
ws2_32
connect
getsockname
send
ntohs
gethostbyname
setsockopt
select
WSAGetLastError
recv
socket
__WSAFDIsSet
closesocket
inet_addr
WSAStartup
inet_ntoa
ioctlsocket
htons
gethostbyaddr
shell32
SHGetFolderPathW
shlwapi
StrStrIW
StrCmpNA
ole32
CoSetProxyBlanket
CoInitializeEx
CoTaskMemFree
CoInitialize
CoInitializeSecurity
CoUninitialize
CoCreateInstance
kernel32
SwitchToThread
lstrcmpA
GetCurrentProcess
SleepEx
GetCurrentThread
TerminateThread
Sleep
GetExitCodeThread
CreateMutexA
DuplicateHandle
lstrlenA
lstrcatA
lstrcpyA
TerminateProcess
ResumeThread
lstrcatW
lstrcpynW
lstrlenW
lstrcmpiW
ConnectNamedPipe
ReadFile
DisconnectNamedPipe
GetLastError
CreateNamedPipeA
ExitProcess
WaitForSingleObject
CreateEventA
GetProcessId
CloseHandle
GetEnvironmentVariableW
SetEnvironmentVariableW
SetThreadPriority
GetCurrentThreadId
GetCurrentProcessId
CreateFileW
CreateThread
CreateDirectoryW
MoveFileW
GetComputerNameW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
WaitForMultipleObjects
DeleteCriticalSection
DeleteFileW
lstrcpynA
GetVersionExA
lstrcmpiA
GetFileSize
QueryPerformanceCounter
QueryPerformanceFrequency
HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
ReleaseMutex
FreeLibrary
GetModuleHandleW
LoadLibraryW
CopyFileW
GetProcAddress
WideCharToMultiByte
GetEnvironmentVariableA
MultiByteToWideChar
GetSystemTimeAsFileTime
LoadLibraryA
HeapCreate
OpenProcess
GetModuleHandleA
SetLastError
CreateProcessW
GetExitCodeProcess
Process32FirstW
CreatePipe
Process32NextW
FindFirstFileW
GetFileAttributesW
FindNextFileW
SetFileAttributesW
SystemTimeToFileTime
GetSystemTime
lstrcmpW
LocalAlloc
SetFilePointer
GetLocalTime
WriteFile
FlushFileBuffers
SetEvent
OpenEventA
GetTickCount
GetModuleFileNameW
GetSystemInfo
SetEnvironmentVariableA
GetWindowsDirectoryW
VirtualAlloc
InterlockedIncrement
user32
GetSystemMetrics
FindWindowA
PostMessageA
CharUpperBuffA
MessageBoxA
advapi32
GetSidSubAuthority
RegCloseKey
GetUserNameW
LookupAccountSidW
GetSecurityDescriptorSacl
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetTokenInformation
GetSidSubAuthorityCount
OpenThreadToken
OpenProcessToken
RegEnumValueW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegDeleteValueW
EqualSid
IsTextUnicode
CryptAcquireContextA
oleaut32
SafeArrayGetUBound
SafeArrayGetElement
SafeArrayDestroy
SafeArrayGetLBound
SysAllocString
SysFreeString
VariantInit
VariantClear
Sections
.text Size: 107KB - Virtual size: 107KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 42KB - Virtual size: 42KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ