Behavioral task: behavioral1
Sample: qakbot.dll
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: qakbot.dll
Resource: win10v2004-20220812-en
General
Target: qakbot.dll-disk
Size: 178KB
MD5: 140c4fd2f3880220aa54d942e7bacaee
SHA1: da271caa763198ff6c48c4c70ddf9bb0fb8919e1
SHA256: 034e5b6eb8b5caeae7054b2765fa1bd56c64ee559489b042a4752d3e1e2d2cce
SHA512: 8aa8409d3f55865256f707196dd686b55b89f0c5bbc241e3f3b714349df427e2b9ca0b30b1055b19c6171dbdee10008bf6b0658f7b195cfb34d5ae36eb5fb96c
SSDEEP: 3072:nKJXr+BqdIfsLi86zSpMV9nJH36QBnoxFnOTBfu0kTgxokz1:ngXrXi88NNoxFnOTBW04g6k
Malware Config
Extracted
qakbot
325.59
abc027
1604574287
93.86.252.177:995
184.98.97.227:995
188.25.24.21:2222
1.54.190.204:443
89.137.211.239:443
78.101.234.58:443
41.206.131.166:443
87.27.110.90:2222
47.44.217.98:443
197.45.110.165:995
217.133.54.140:32100
41.97.170.119:443
185.246.9.69:995
90.53.232.130:2222
72.186.1.237:443
144.139.230.139:443
86.164.27.33:2222
185.105.131.233:443
90.146.209.224:2222
108.46.145.30:443
85.186.122.190:443
208.99.100.129:443
73.55.254.225:443
61.1.206.44:443
72.209.191.27:443
67.82.244.199:2222
64.185.5.157:443
68.13.99.24:443
176.181.247.197:443
202.141.244.118:995
75.136.40.155:443
45.243.77.75:443
92.59.35.196:2083
71.88.104.107:443
37.104.31.132:995
109.205.204.229:2222
63.155.67.114:995
77.89.10.4:2222
216.201.162.158:443
216.215.77.18:2222
67.78.151.218:2222
93.113.177.152:443
201.127.70.175:2222
141.158.47.123:443
5.32.41.46:443
83.110.75.224:443
69.11.247.242:443
45.77.193.83:443
207.246.75.201:443
184.21.136.237:443
108.31.15.10:995
217.165.96.127:990
98.16.204.189:995
37.104.237.11:443
72.36.59.46:2222
172.87.157.235:443
81.133.234.36:2222
24.179.13.119:443
86.98.59.251:2222
82.210.157.185:443
81.97.154.100:443
203.198.96.164:443
68.186.192.69:443
83.110.109.140:2222
72.204.242.138:443
176.58.132.212:2222
41.42.166.30:443
24.231.54.185:2222
74.129.26.119:443
188.27.32.167:443
2.50.159.189:2222
84.126.11.130:443
85.105.29.218:443
2.50.58.76:443
178.87.225.167:443
86.122.18.250:443
72.190.101.70:443
217.162.149.212:443
96.237.141.134:995
24.152.219.253:995
197.133.209.88:443
41.238.238.233:443
74.75.216.202:443
45.63.107.192:2222
217.165.2.92:995
45.63.107.192:995
45.63.107.192:443
37.106.7.143:443
45.32.154.10:443
71.187.177.20:443
120.150.218.241:443
2.50.167.56:443
2.49.28.18:2222
83.103.226.20:995
2.50.110.49:2078
75.87.161.32:995
68.174.15.223:443
39.36.77.219:995
188.25.97.18:443
86.140.82.66:443
72.204.242.138:465
50.209.125.234:995
2.50.47.130:2222
31.35.28.29:443
47.146.39.147:443
188.152.23.81:2222
68.15.109.125:443
190.220.8.10:995
72.66.47.70:443
149.28.99.97:995
82.12.157.95:995
191.84.14.174:443
149.28.99.97:443
149.28.99.97:2222
79.113.119.125:443
45.32.155.12:443
78.97.110.47:443
69.40.22.180:443
74.75.237.11:443
72.82.15.220:443
86.98.145.152:2222
47.22.148.6:443
70.168.130.172:995
78.96.199.79:443
50.244.112.10:995
68.225.60.77:443
47.137.242.79:443
98.26.50.62:995
71.197.126.250:443
46.53.60.8:443
68.190.152.98:443
82.127.125.209:2222
184.55.32.182:443
24.205.42.241:443
82.127.125.209:990
2.51.247.69:995
66.215.32.224:443
45.32.155.12:2222
96.30.198.161:443
45.32.165.134:443
45.63.104.123:443
118.100.108.25:443
140.82.27.132:443
82.76.47.211:443
207.246.70.216:443
117.241.53.164:443
120.150.60.189:995
80.195.103.146:2222
98.116.20.194:443
Signatures
Qakbot family
Files
qakbot.dll-disk.dll windows x86
fdeecfe7423559ec95eecd8f1f9d0992
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
_wcsicmp
_HUGE
localeconv
malloc
free
qsort
_time64
memcpy
memmove
memcmp
strlen
strncpy
memset
strcmp
strncmp
strstr
_vsnwprintf
_vsnprintf
atol
strchr
_snprintf
_strtoi64
_errno
memchr
strtod
iphlpapi
GetIpAddrTable
GetBestRoute
psapi
GetModuleFileNameExW
ws2_32
connect
getsockname
send
ntohs
getaddrinfo
gethostbyname
setsockopt
sendto
bind
freeaddrinfo
WSAIoctl
select
WSAGetLastError
recv
socket
__WSAFDIsSet
closesocket
accept
inet_addr
WSAStartup
inet_ntoa
ioctlsocket
htons
listen
getnameinfo
gethostbyaddr
shell32
SHGetFolderPathW
shlwapi
StrStrIW
StrCmpNA
ole32
CoSetProxyBlanket
CoInitializeEx
CoTaskMemFree
CoInitialize
CoInitializeSecurity
CoUninitialize
CoCreateInstance
kernel32
SwitchToThread
lstrcmpA
GetCurrentProcess
SleepEx
GetCurrentThread
TerminateThread
Sleep
GetExitCodeThread
CreateMutexA
DuplicateHandle
lstrlenA
lstrcatA
lstrcpyA
TerminateProcess
ResumeThread
lstrcatW
lstrcpynW
lstrlenW
lstrcmpiW
ConnectNamedPipe
ReadFile
DisconnectNamedPipe
GetLastError
CreateNamedPipeA
ExitProcess
WaitForSingleObject
CreateEventA
GetProcessId
CloseHandle
GetEnvironmentVariableW
SetEnvironmentVariableW
SetThreadPriority
GetCurrentThreadId
GetCurrentProcessId
CreateFileW
CreateThread
CreateDirectoryW
MoveFileW
GetComputerNameW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
WaitForMultipleObjects
DeleteCriticalSection
DeleteFileW
lstrcpynA
GetVersionExA
lstrcmpiA
GetFileSize
QueryPerformanceCounter
QueryPerformanceFrequency
HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
ReleaseMutex
FreeLibrary
GetModuleHandleW
LoadLibraryW
CopyFileW
GetProcAddress
WideCharToMultiByte
GetEnvironmentVariableA
MultiByteToWideChar
GetSystemTimeAsFileTime
LoadLibraryA
HeapCreate
OpenProcess
GetModuleHandleA
SetLastError
CreateProcessW
GetExitCodeProcess
Process32FirstW
CreatePipe
Process32NextW
FindFirstFileW
GetFileAttributesW
FindNextFileW
SetFileAttributesW
lstrcmpW
LocalAlloc
SetFilePointer
GetLocalTime
WriteFile
FlushFileBuffers
SetEvent
OpenEventA
GetTickCount
GetModuleFileNameW
GetSystemInfo
SetEnvironmentVariableA
GetWindowsDirectoryW
VirtualAlloc
SystemTimeToFileTime
GetSystemTime
InterlockedIncrement
user32
GetSystemMetrics
FindWindowA
PostMessageA
CharUpperBuffA
MessageBoxA
advapi32
GetSidSubAuthority
RegCloseKey
GetUserNameW
LookupAccountSidW
GetSecurityDescriptorSacl
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetTokenInformation
GetSidSubAuthorityCount
OpenThreadToken
OpenProcessToken
RegEnumValueW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegDeleteValueW
EqualSid
IsTextUnicode
CryptAcquireContextA
oleaut32
SafeArrayGetUBound
SafeArrayGetElement
SafeArrayDestroy
SafeArrayGetLBound
SysAllocString
SysFreeString
VariantInit
VariantClear
Sections
.text Size: 120KB - Virtual size: 120KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 44KB - Virtual size: 43KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ