qakbot | 1f634bbaf8d3b629a0c247c8d885f3da2323f447247914afe7d99ac4813b7e94

Sharing

Copy URL

Twitter E-mail

General

Target

1f634bbaf8d3b629a0c247c8d885f3da2323f447247914afe7d99ac4813b7e94
Size

197KB
MD5

c72ae60648941e0812ff80ca8ec010a0
SHA1

977a8ba095724cdc15e5d427c9084fd8956359f3
SHA256

1f634bbaf8d3b629a0c247c8d885f3da2323f447247914afe7d99ac4813b7e94
SHA512

19a635be1a9d5a8a19d0d2c0b8c57c4b4dde6f9bf2698f91719df4061be560dcbca2c2b27fbabd2ca32efc5fc3bdd7a7392da6d4f19c86074cab24fa7afbcadc

Score

10^/10

tr02s 1608638923 qakbot

Malware Config

Extracted

Family

qakbot

Version

401.147

Botnet

tr02s

Campaign

1608638923

41.230.209.182:443

35.134.202.234:443

73.166.10.38:50010

172.87.157.235:3389

24.216.56.6:443

184.179.14.130:22

24.152.219.253:995

67.209.195.198:443

86.98.89.36:2222

47.146.169.85:443

197.135.60.192:443

90.201.21.58:443

81.214.126.173:2222

37.116.152.122:2078

64.225.166.16:2222

187.7.236.197:995

47.196.192.184:443

82.12.157.95:995

2.50.161.6:2222

83.110.213.49:443

Signatures

Qakbot 1 IoCs

Processes:

resource yara_rule

sample Qakbot
Qakbot family
qakbot

resource	yara_rule
sample	Qakbot

Files

1f634bbaf8d3b629a0c247c8d885f3da2323f447247914afe7d99ac4813b7e94
.dll regsvr32 windows x86

580fdcdfbd7c2c8aaa198476c811fa88

Code Sign

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

inet_ntoa

psapi

GetModuleFileNameExW

msvcrt

_time64
strtod
_HUGE
localeconv
strchr
strncpy
malloc
free
qsort
memcpy
memmove
memset
atol
_vsnwprintf
_snprintf
_vsnprintf
_strtoi64
memchr
_errno

kernel32

lstrcmpA
lstrlenA
lstrcpynA
GetCurrentProcess
GetCurrentThread
MultiByteToWideChar
GetExitCodeThread
GetOEMCP
CreateMutexA
DuplicateHandle
GetCurrentProcessId
GetLastError
lstrcatA
CreateDirectoryW
DisconnectNamedPipe
lstrcpynW
GetProcessId
CopyFileW
lstrcatW
DeleteFileW
lstrcpyW
lstrcmpiW
GetDriveTypeW
GetModuleHandleA
lstrlenW
MoveFileW
GetProcAddress
SwitchToThread
InterlockedIncrement
SetThreadPriority
HeapAlloc
HeapFree
HeapCreate
WideCharToMultiByte
FreeLibrary
GetSystemTimeAsFileTime
SetLastError
lstrcmpiA
LoadLibraryA
GetExitCodeProcess
CreatePipe
GetWindowsDirectoryW
FindFirstFileW
FindNextFileW
SetFileAttributesW
FlushFileBuffers
LocalAlloc
LoadLibraryW
GetTickCount
GetModuleFileNameW
GetSystemInfo
GetVersionExA

user32

CreateWindowExA
CharUpperBuffW
CharUpperBuffA
GetSystemMetrics
RegisterClassExA
DestroyWindow
DefWindowProcA
UnregisterClassA

advapi32

GetSidSubAuthority
OpenProcessToken
RegSetValueExW
RegQueryValueExW
IsTextUnicode
RegDeleteValueA
RegOpenKeyExW
RegEnumValueW
RegDeleteValueW
RegQueryInfoKeyW
RegUnLoadKeyW
RegLoadKeyW
ConvertSidToStringSidW
OpenThreadToken
GetSidSubAuthorityCount
GetTokenInformation
LookupAccountNameW
LookupAccountSidW
GetSecurityDescriptorSacl
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor

ole32

CoInitializeEx
CoInitializeSecurity
CoCreateInstance
CoSetProxyBlanket

oleaut32

SafeArrayGetUBound
SysAllocString
SysFreeString
SafeArrayGetElement
SafeArrayDestroy
VariantClear
SafeArrayGetLBound

userenv

GetUserProfileDirectoryW

Exports

Exports

DllRegisterServer

Sections

.text
Size: 141KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

580fdcdfbd7c2c8aaa198476c811fa88

Code Sign

Headers

File Characteristics

Imports

ws2_32

psapi

msvcrt

kernel32

user32

advapi32

ole32

oleaut32

userenv

Exports

Exports

Sections

.text Size: 141KB - Virtual size: 144KB

.rdata Size: 38KB - Virtual size: 40KB

.data Size: 5KB - Virtual size: 8KB

.rsrc Size: 2KB - Virtual size: 4KB

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 141KB - Virtual size: 144KB

.rdata
Size: 38KB - Virtual size: 40KB

.data
Size: 5KB - Virtual size: 8KB

.rsrc
Size: 2KB - Virtual size: 4KB

.reloc
Size: 9KB - Virtual size: 9KB