Static task: static1
Behavioral task: behavioral1
Sample: c67eb13bf6222d0f7dee5250bcfc7175178d4977afd21baf3f61d64c35e79fe3.exe
Resource: win7-en-20211208
General
Target: c67eb13bf6222d0f7dee5250bcfc7175178d4977afd21baf3f61d64c35e79fe3
Size: 216KB
MD5: e7fe8d6976cad7165d5ab79c12b28b4e
SHA1: 0bd76ef651c878ea4050a1ad8873da78510a4c00
SHA256: c67eb13bf6222d0f7dee5250bcfc7175178d4977afd21baf3f61d64c35e79fe3
SHA512: 2135fa63b7bd2795ac3b3a9d3a02463af7e2c472e8175d2d48c79d2dd7835e63d71c7644c6f42669c9aa529d7b1706a81dd84ceac58ad2d756911023675d8fc9
SSDEEP: 6144:1XPFP6H9RCZCzmkCfivMTAm20Iln+vwiN:n6fCZCzPMTA6H
Malware Config
Extracted
Family: qakbot
Version: 324.142
Botnet: spx133
Campaign: 1591267427 (Unix timestamp, 2020-06-04 10:43:47 UTC)
C2:
49.144.84.21:443
189.159.133.162:995
173.245.152.231:443
77.237.181.212:995
207.255.161.8:2078
76.187.8.160:443
207.255.161.8:2087
98.219.77.197:443
66.222.88.126:995
207.255.161.8:32102
108.58.9.238:995
47.152.210.233:443
1.40.42.4:443
188.27.71.163:443
82.127.193.151:2222
104.50.141.139:995
67.83.54.76:2222
86.126.97.183:2222
73.94.229.115:443
47.35.182.97:443
72.29.181.77:2078
98.114.185.3:443
24.226.137.154:443
5.12.114.96:443
78.97.145.242:443
64.121.114.87:443
62.121.123.57:443
151.73.126.205:443
69.40.17.142:443
197.165.178.49:443
80.240.26.178:443
79.115.128.221:443
49.191.4.245:443
71.187.170.235:443
108.51.73.186:443
134.0.196.46:995
75.81.25.223:443
96.56.237.174:993
72.240.245.253:443
67.131.59.17:443
216.163.4.91:443
72.204.242.138:443
72.190.101.70:443
47.201.1.210:443
24.43.22.220:995
76.170.77.99:443
71.163.225.75:443
69.92.54.95:995
108.31.92.113:443
185.246.9.69:995
79.119.67.149:443
47.205.231.60:443
66.26.160.37:443
65.131.83.170:995
47.40.244.237:443
71.77.231.251:443
50.244.112.106:443
96.41.93.96:443
47.153.115.154:995
62.38.111.70:2222
72.16.212.108:465
24.46.40.189:2222
24.10.42.174:443
85.121.42.12:995
188.192.75.8:443
174.34.67.106:2222
70.174.3.241:443
65.24.76.114:443
128.234.46.27:443
100.38.123.22:443
67.5.28.72:465
96.18.240.158:443
85.186.141.62:995
207.255.18.67:443
207.255.161.8:2222
79.113.219.121:443
203.33.139.134:443
72.209.191.27:443
64.19.74.29:995
24.201.79.208:2078
98.115.138.61:443
68.174.15.223:443
75.87.161.32:995
50.244.112.10:443
173.175.29.210:443
173.22.120.11:2222
74.215.201.122:443
76.15.41.32:443
176.193.41.32:2222
50.29.181.193:995
207.255.161.8:32103
24.152.219.253:995
72.204.242.138:2078
173.187.169.73:443
24.43.22.220:443
71.88.104.107:995
89.44.195.186:2222
93.113.90.128:443
5.13.99.38:995
72.183.129.56:443
86.123.106.54:443
5.14.251.226:443
69.245.144.167:443
82.76.239.193:443
81.103.144.77:443
70.183.127.6:995
24.99.180.247:443
175.111.128.234:443
50.247.230.33:995
2.88.183.192:443
24.42.14.241:443
98.118.156.172:443
216.201.162.158:995
81.133.234.36:2222
173.172.205.216:443
184.98.104.7:995
47.146.169.85:443
108.27.217.44:443
74.56.167.31:443
80.195.103.146:2222
67.209.195.198:3389
96.37.137.42:443
108.58.9.238:993
173.79.220.156:443
98.32.60.217:443
78.96.192.26:443
79.117.161.67:21
72.28.255.159:995
207.162.184.228:443
189.140.112.184:443
105.184.48.142:443
97.93.211.17:443
47.153.115.154:443
188.192.75.8:995
142.129.227.86:443
72.69.180.183:61202
75.183.171.155:3389
140.82.21.191:443
71.185.60.227:443
137.103.143.124:443
173.49.122.160:995
96.35.170.82:2222
71.80.66.107:443
59.124.10.133:443
69.28.222.54:443
47.136.224.60:443
184.180.157.203:2222
72.177.157.217:995
104.221.4.11:2222
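The extracted C2 list is only useful once it is turned into something a network sensor or firewall can consume, and a raw dump like the one above hides structure worth noticing: the same host reappears on several ports (for example 207.255.161.8 on 2078, 2087, 2222, 32102 and 32103), and several hosts are listed on both 443 and 995. The following Python is an added example, not part of the sandbox report or of any Qakbot tooling. It parses a subset of the C2 entries copied from the report (plus a few constructed malformed lines to exercise the validation), deduplicates them, groups ports per host, and emits one Suricata rule per endpoint. The `sid` base value and the rule message format are assumptions; adjust them to your own rule namespace.

```python
import ipaddress

# Subset of the C2 entries from the extracted config above; the last three
# lines are constructed noise to show that malformed input is ignored.
C2_BLOCK = """\
49.144.84.21:443
189.159.133.162:995
207.255.161.8:2078
207.255.161.8:2087
207.255.161.8:32102
207.255.161.8:2222
207.255.161.8:32103
24.43.22.220:995
24.43.22.220:443
47.153.115.154:995
47.153.115.154:443
82.127.193.151:2222
72.16.212.108:465
67.209.195.198:3389
79.117.161.67:21
72.69.180.183:61202
24.43.22.220:443
not-an-endpoint
300.1.1.1:443
10.0.0.1:99999
"""


def parse_c2(block):
    """Return unique (ip, port) tuples in first-seen order.

    Lines that are not a well-formed IPv4:port pair are dropped rather than
    raising, because config blocks are machine-extracted and occasionally
    contain truncated or garbage entries.
    """
    seen = {}  # dict preserves insertion order, so it doubles as an ordered set
    for raw in block.splitlines():
        line = raw.strip()
        if ":" not in line:
            continue
        host, _, port_text = line.rpartition(":")
        try:
            ip = ipaddress.IPv4Address(host)   # rejects 300.1.1.1 and the like
            port = int(port_text)
        except ValueError:
            continue
        if not 0 < port < 65536:
            continue
        seen.setdefault((str(ip), port), None)
    return list(seen)


def group_by_host(pairs):
    """Map each C2 address to the sorted list of ports it is listed on."""
    hosts = {}
    for ip, port in pairs:
        hosts.setdefault(ip, set()).add(port)
    return {ip: sorted(ports) for ip, ports in hosts.items()}


def multi_port_hosts(pairs):
    """Hosts that appear on more than one port; these usually deserve a
    per-IP block rather than per-endpoint rules."""
    return {ip: ports for ip, ports in group_by_host(pairs).items() if len(ports) > 1}


def suricata_rules(pairs, sid_base=9000000, botnet="spx133"):
    """One outbound-connection rule per endpoint. sid_base is an assumed
    local SID range; pick one that does not collide with your rulesets."""
    rules = []
    for offset, (ip, port) in enumerate(pairs):
        rules.append(
            f"alert tcp $HOME_NET any -> {ip} {port} "
            f'(msg:"Qakbot {botnet} C2 {ip}:{port}"; flow:to_server; '
            f"classtype:trojan-activity; sid:{sid_base + offset}; rev:1;)"
        )
    return rules


if __name__ == "__main__":
    endpoints = parse_c2(C2_BLOCK)
    print(f"{len(endpoints)} endpoints on {len(group_by_host(endpoints))} hosts")
    for ip, ports in multi_port_hosts(endpoints).items():
        print(f"  {ip} listed on ports {ports}")
    print("\n".join(suricata_rules(endpoints)))
```

Qakbot C2 lists of this era are dominated by compromised residential and small-business hosts acting as relays, so the addresses churn quickly; treat rules generated this way as time-bound indicators tied to the campaign timestamp, not as a permanent blocklist.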
Signatures
Qakbot family
Files
c67eb13bf6222d0f7dee5250bcfc7175178d4977afd21baf3f61d64c35e79fe3.exe windows x86
f83b544e96ab46c08e00b6dc80fbb352
Code Sign
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
userenv
GetUserProfileDirectoryW
ole32
CoInitialize
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoUninitialize
CoCreateInstance
shell32
SHGetFolderPathW
CommandLineToArgvW
ShellExecuteW
setupapi
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsA
SetupDiGetDeviceRegistryPropertyA
kernel32
GetLastError
GetProcAddress
LoadLibraryA
lstrcmpiW
GetModuleHandleA
CloseHandle
GetCurrentProcessId
GetEnvironmentVariableW
lstrlenA
WideCharToMultiByte
lstrcatA
GetEnvironmentVariableA
MultiByteToWideChar
lstrlenW
lstrcatW
lstrcpyA
HeapAlloc
HeapFree
HeapCreate
VirtualAlloc
GetFileSize
lstrcmpiA
GetModuleFileNameA
GetThreadContext
GetCurrentProcess
CreateEventA
LoadLibraryW
TerminateProcess
DeleteFileW
ResumeThread
ExpandEnvironmentStringsW
GetComputerNameW
GetVolumeInformationW
ReleaseMutex
GetExitCodeProcess
GetSystemTimeAsFileTime
SetEnvironmentVariableW
GetTickCount
GetModuleFileNameW
GetSystemInfo
SetEnvironmentVariableA
GetVersionExA
GetWindowsDirectoryW
SetEvent
OpenEventA
CopyFileW
TerminateThread
CreateThread
GetFileAttributesA
GetFileAttributesW
GetCurrentThread
LocalAlloc
GetLocalTime
LocalFree
lstrcpyW
CreateDirectoryW
SleepEx
WaitForSingleObject
FreeLibrary
GetDriveTypeW
lstrcmpA
GetCommandLineW
ExitProcess
lstrcpynW
Sleep
SystemTimeToFileTime
GetSystemTime
GetModuleHandleW
CreateMutexA
user32
CharUpperBuffA
MessageBoxA
GetClassNameA
CharUpperBuffW
advapi32
RegOpenKeyExW
RegEnumValueW
RegDeleteValueW
RegQueryInfoKeyW
LookupAccountNameW
EqualSid
SetServiceStatus
RegUnLoadKeyW
RegLoadKeyW
ConvertSidToStringSidW
RegSetValueExW
RegQueryValueExW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetTokenInformation
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
RegCloseKey
SetFileSecurityW
OpenProcessToken
GetSidSubAuthority
OpenThreadToken
GetSidSubAuthorityCount
LookupAccountSidW
CreateProcessAsUserW
msvcrt
_vsnprintf
_ltoa
_except_handler3
memset
_vsnwprintf
memcpy
netapi32
NetApiBufferFree
NetUserEnum
NetGetDCName
Sections
.text Size: 38KB - Virtual size: 38KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 152KB - Virtual size: 151KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ