Static task: static1
Behavioral task: behavioral1
Sample: ad42ea143358ea03233ddc36324f810e92d7cf9802eff02dc8c9e50700484212.dll
Resource: win7-en-20211208
General
Target: ad42ea143358ea03233ddc36324f810e92d7cf9802eff02dc8c9e50700484212
Size: 187KB
MD5: 1cc8ff8095bb4c5bf26f33ad37d9b890
SHA1: 0d9fd66996885b3176f50d76e7ec6c2b6f5908ae
SHA256: ad42ea143358ea03233ddc36324f810e92d7cf9802eff02dc8c9e50700484212
SHA512: 7f2348d70d05c68415f9bffd48461d66c3ff934156b7e257ef4c17eb06bcadec3e8cafe0bf2b5bbe2f89955f8b1c156dd9e66dbeb193013e54fc83ac30275c36
SSDEEP: 3072:a06iMe+wvO6Sy12f6I9VriU2AR0jCnXFwPOTBfgB2DvkkUHqHaup:MVx6lS+UcjuXFaOTBoB2AkUXu
Malware Config
Extracted
qakbot
324.127
spx98
1587042061
24.37.178.158:990
24.110.96.149:443
68.1.171.93:443
24.210.45.215:443
77.159.149.74:443
72.190.101.70:443
71.187.170.235:443
24.110.14.40:443
46.102.52.24:443
96.234.20.230:443
184.57.17.74:443
47.153.115.154:993
72.142.106.198:995
12.5.37.3:443
168.103.52.51:995
216.163.4.91:443
100.4.185.8:443
72.172.49.164:443
5.2.149.216:443
47.202.98.230:443
24.168.237.215:443
156.96.45.215:443
68.207.39.244:2222
98.213.28.175:443
72.16.57.99:443
47.153.115.154:995
184.167.2.251:2222
207.255.18.67:443
50.246.229.50:443
24.201.79.208:2078
85.7.22.186:2222
70.95.94.91:2078
73.163.242.114:443
70.57.15.187:993
5.14.253.163:443
209.182.121.133:2222
85.204.189.105:443
24.228.7.174:443
68.39.207.79:443
172.95.42.35:443
97.96.51.117:443
46.214.62.199:443
86.126.205.201:443
35.138.46.16:443
79.78.131.124:443
173.175.29.210:443
206.255.163.120:443
188.25.162.108:443
201.152.165.97:995
188.26.142.13:443
46.102.91.19:443
86.126.122.243:443
74.135.85.117:443
173.173.68.41:443
68.82.125.234:443
63.230.2.205:2083
206.183.190.53:995
107.2.148.99:443
188.173.185.139:443
72.183.241.2:443
79.118.20.164:443
72.190.30.180:443
86.126.49.109:443
86.123.211.28:443
47.185.167.163:443
73.214.231.2:443
86.125.193.90:443
85.121.42.12:443
95.77.144.238:443
108.49.221.180:443
46.214.156.146:443
184.8.90.251:443
121.139.184.226:443
174.55.134.59:443
94.52.124.226:443
72.224.213.98:2222
208.93.202.49:443
47.214.144.253:443
104.235.73.89:443
81.103.144.77:443
83.25.7.201:2222
93.113.177.152:443
75.110.250.89:443
190.198.103.228:2078
50.78.93.74:443
66.208.105.6:443
67.165.206.193:995
72.190.124.29:443
96.37.113.36:443
74.129.26.223:443
100.40.48.96:443
65.131.79.162:995
73.169.47.57:443
24.37.178.158:995
41.96.9.130:443
50.108.212.180:443
195.162.106.93:2222
24.184.5.251:2222
23.24.115.181:443
173.79.220.156:443
96.41.93.96:443
70.183.127.6:995
172.78.87.180:443
31.5.189.71:443
173.70.165.101:995
208.126.142.17:443
24.55.152.50:995
108.227.161.27:995
108.190.151.108:2222
72.209.191.27:443
86.126.74.125:443
173.22.120.11:2222
121.121.119.6:443
89.137.162.193:443
181.197.195.138:995
86.107.81.40:443
37.105.82.82:443
71.220.222.169:443
72.80.137.215:443
76.180.69.236:443
98.199.226.41:443
95.77.223.148:443
73.73.53.90:443
108.54.103.234:443
100.1.239.189:443
86.127.12.161:21
80.11.10.151:990
104.36.135.227:443
76.170.77.99:443
86.125.208.132:443
70.62.160.186:6883
73.226.220.56:443
74.33.70.30:443
47.41.3.40:443
49.191.9.180:995
65.116.179.83:443
79.114.194.106:443
47.153.115.154:443
108.27.217.44:443
24.202.42.48:2222
68.174.15.223:443
64.19.74.29:995
70.170.111.174:443
31.5.21.66:443
24.37.178.158:443
47.136.224.60:443
72.29.181.77:2078
50.29.181.193:995
80.14.209.42:2222
47.180.66.10:443
Signatures
Qakbot family
Files
ad42ea143358ea03233ddc36324f810e92d7cf9802eff02dc8c9e50700484212.dll (windows x86)
e8abe534861c92d5e11a8633d8d6f715
Code Sign
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
_HUGE
localeconv
malloc
_wcsicmp
atol
free
qsort
memset
_time64
memcpy
memmove
strlen
strncpy
strcmp
strncmp
strstr
_vsnwprintf
_vsnprintf
strchr
memcmp
_snprintf
_strtoi64
_errno
memchr
strtod
iphlpapi
GetIpAddrTable
GetBestRoute
psapi
GetModuleFileNameExW
ws2_32
gethostbyaddr
ioctlsocket
getnameinfo
getaddrinfo
htons
setsockopt
sendto
bind
freeaddrinfo
WSAIoctl
listen
accept
inet_addr
WSAStartup
inet_ntoa
ntohs
getsockname
gethostbyname
select
__WSAFDIsSet
WSAGetLastError
recv
closesocket
send
socket
connect
shell32
SHGetFolderPathW
shlwapi
StrStrIW
StrCmpNA
ole32
CoSetProxyBlanket
CoInitializeEx
CoTaskMemFree
CoInitialize
CoInitializeSecurity
CoUninitialize
CoCreateInstance
kernel32
GetModuleHandleW
SwitchToThread
VirtualAlloc
GetWindowsDirectoryW
SetEnvironmentVariableA
GetSystemInfo
GetModuleFileNameW
GetTickCount
OpenEventA
FlushFileBuffers
WriteFile
LocalAlloc
lstrcmpW
SetFileAttributesW
FindNextFileW
GetFileAttributesW
lstrlenA
lstrcpyA
SetEvent
TerminateThread
CreateEventA
lstrcmpA
GetCurrentProcess
SleepEx
GetCurrentThread
Sleep
GetExitCodeThread
CreateMutexA
DuplicateHandle
SetThreadPriority
GetLastError
ExpandEnvironmentStringsW
lstrcatA
GetThreadContext
SetThreadContext
TerminateProcess
ResumeThread
CreateFileW
lstrcatW
lstrcpynW
lstrlenW
lstrcmpiW
ConnectNamedPipe
ReadFile
DisconnectNamedPipe
CreateNamedPipeA
ExitProcess
WaitForSingleObject
GetProcessId
CloseHandle
GetEnvironmentVariableW
SetEnvironmentVariableW
GetCurrentThreadId
GetCurrentProcessId
CreateThread
GetComputerNameA
GetLocalTime
CreateDirectoryW
MoveFileW
DeleteFileW
GetComputerNameW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
WaitForMultipleObjects
DeleteCriticalSection
lstrcpynA
GetVersionExA
lstrcmpiA
GetFileSize
QueryPerformanceCounter
GetFileAttributesA
QueryPerformanceFrequency
HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
HeapCreate
FreeLibrary
GetSystemTimeAsFileTime
GetProcAddress
LoadLibraryA
FindFirstFileW
LoadLibraryW
CopyFileW
SystemTimeToFileTime
GetSystemTime
GetModuleHandleA
ReleaseMutex
WideCharToMultiByte
GetEnvironmentVariableA
MultiByteToWideChar
FindResourceA
LoadResource
SizeofResource
OpenProcess
SetFilePointer
lstrcpyW
GetExitCodeProcess
Process32FirstW
Process32NextW
InterlockedIncrement
user32
DialogBoxParamW
GetWindowTextA
MessageBoxA
FindWindowA
PostMessageA
CharUpperBuffA
GetSystemMetrics
DialogBoxParamA
MessageBoxW
GetWindowTextW
GetWindowLongA
advapi32
OpenProcessToken
RegQueryInfoKeyA
LookupAccountSidW
GetSecurityDescriptorSacl
RegCloseKey
GetUserNameW
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetTokenInformation
GetSidSubAuthorityCount
OpenThreadToken
GetSidSubAuthority
RegEnumKeyExA
RegEnumValueW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegDeleteValueW
EqualSid
CryptAcquireContextA
oleaut32
SysAllocString
SysFreeString
VariantInit
VariantClear
Sections
.text Size: 122KB - Virtual size: 122KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 43KB - Virtual size: 43KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ