Behavioral task
behavioral1
Sample
1260-57-0x00000000001E0000-0x0000000000202000-memory.dll
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
1260-57-0x00000000001E0000-0x0000000000202000-memory.dll
Resource
win10v2004-20220812-en
General
Target: 1260-57-0x00000000001E0000-0x0000000000202000-memory.dmp
Size: 136KB
MD5: 9e2f4109f75b9685b00faa2b123467b0
SHA1: 8fbf8d3d5b26e73176fd2e2552c1a3b14ece1918
SHA256: a9d46fd1b5db26e16908b567824c90abe7b24cedc60b41eec71af08a8a256d71
SHA512: c4abfba1226a2e03d6fb84a8c06d254969b4727dcb1a7461b2368ae21452cf026afe281052c32f1aba00e6e48b5d96b4fdfae5e58c5d52da14bf32a84a2cf772
SSDEEP: 1536:dcwD1lgihuOCZc4Kc1Eevt32Lsf5SBAwILluJV0is2OIOdnToIfdL4egrzkt:Owi9Kqvvt32LOKA4JeiH8VTBfd8e5t
Malware Config
Extracted
qakbot
403.862
BB
1663148750
salt: SoNuce]ugdiB3c[doMuce2s81*uXmcvP
Signatures
-
Qakbot family
Files
-
1260-57-0x00000000001E0000-0x0000000000202000-memory.dmp.dll windows x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 95KB - Virtual size: 95KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ