Behavioral task
behavioral1
Sample
1252-59-0x0000000000170000-0x00000000001F0000-memory.dll
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
1252-59-0x0000000000170000-0x00000000001F0000-memory.dll
Resource
win10v2004-20220812-en
General
-
Target
1252-59-0x0000000000170000-0x00000000001F0000-memory.dmp
-
Size
512KB
-
MD5
4e7ae1d84095953f8c4ee1021f514b30
-
SHA1
4a54f38eda9948ba1a7586be8c1f11c22c9c260d
-
SHA256
dfd91c9c9d221d62eb180c52691f179821ad2c6779799a96dd942bd82d2556fe
-
SHA512
406adb27fe5b5b88d72663cbb9aa880b47f14175eaf3e573f3ee10ec3d5d5525ffc9a8ced5c58188623080735018dba3e1aeb3c806dd76bf9ca13371fcf25d55
-
SSDEEP
12288:Xe8W8aXJTYcTb4k5IM/Q9r2420Tmsr4Xzx93JRr2m5ovPi/VH:XvotTblVMr2B0T61/dT5ei/VH
Malware Config
Extracted
qakbot
-
salt
�-2ݭs7�W}%�y��&��D�@��������V�B ���4^0$��~��PP���(0��)�����Ct�Ӗ�}ڎH�����=S0>0( ��1v�K����n���^�%-��&�3������r\��a?��ܼ�lrܫ@bU��vL��G���M[,�I�����1 �_���<���-�+���/RV�)V�s10,������ �c���ި�WB�yq|%X�)��K��vӥH��~ n1�!n�\���t�X��+-v_H>��'���D���M��@�vpo5�5�q��D�~�:�"{̥��A�#.<�Uq��4O�{���d`)~��it��x�}���ػW!�NHL�l�I�=+mP���t��<���n~5*W�l�?c����e���Ct윉��Y�d��[J�L�����9W��z� 2�:��ի2!8s�#�<���p��H� 9W��5RPR�
Signatures
-
Qakbot family
Files
-
1252-59-0x0000000000170000-0x00000000001F0000-memory.dmp.dll windows x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 97KB - Virtual size: 96KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 31KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ