qakbot | bc72cff19873902cd96082feb4828d4f6e3dd1fd3d243067db3b7bad774462b7[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

bc72cff19873902cd96082feb4828d4f6e3dd1fd3d243067db3b7bad774462b7.bin
Size

158KB
MD5

8c58b99f34f579ee710b88d4318e572a
SHA1

2174ef54afed45660fc1808ae77bc8cfa1d02f6f
SHA256

bc72cff19873902cd96082feb4828d4f6e3dd1fd3d243067db3b7bad774462b7
SHA512

514876114452c303535c909048dc521059e9652426d936c8de890c898285d5499f3347ee133427352bd1412b1a6351de385e732076446b8c6e292e1b9a0493f3
SSDEEP

3072:ygikbXp3BvScvqzzxVvAAWJ6AzaHTBfZSJO/ya3cv:1TdRXvqXxh1WJJzaHTBRSg/

Score

10^/10

azd 1670585125 qakbot

Malware Config

Extracted

Family

qakbot

Version

404.46

Botnet

azd

Campaign

1670585125

172.90.139.138:2222

90.116.219.167:2222

173.239.94.212:443

91.169.12.198:32100

74.66.134.24:443

66.191.69.18:995

182.75.189.42:995

78.69.251.252:2222

98.145.23.67:443

103.71.21.107:443

197.94.219.133:443

91.68.227.219:443

12.172.173.82:993

86.176.83.127:2222

64.121.161.102:443

41.98.21.114:443

92.154.17.149:2222

151.65.67.211:443

89.129.109.27:2222

76.11.14.249:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Signatures

Qakbot family
qakbot

Files

bc72cff19873902cd96082feb4828d4f6e3dd1fd3d243067db3b7bad774462b7.bin
.dll windows x86

bb8f7c7fc8b521232817f0f359bdf0f2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memchr
_strtoi64
_errno
_snprintf
qsort
_vsnprintf
memset
_time64
_vsnwprintf
malloc
strncpy
strchr
strtod
localeconv
_ftol2_sse
free
atol
memcpy

kernel32

GetExitCodeProcess
GetTickCount
GetModuleHandleA
GetWindowsDirectoryW
GetCurrentDirectoryW
GetSystemInfo
GetVersionExA
CreateMutexW
DuplicateHandle
GetCurrentThread
lstrcmpA
GetLastError
lstrcatA
GetLocaleInfoA
CreateDirectoryW
DisconnectNamedPipe
lstrcpynW
GetProcessId
GetFileAttributesW
SetCurrentDirectoryA
Sleep
lstrcmpiW
GetDriveTypeW
K32GetModuleFileNameExW
MoveFileW
lstrcpynA
lstrlenW
GetCurrentProcessId
SwitchToThread
GetModuleHandleW
GetProcAddress
MultiByteToWideChar
lstrcatW
WideCharToMultiByte
HeapCreate
HeapFree
HeapAlloc
LoadLibraryA
FreeLibrary
lstrcmpiA
GetSystemTimeAsFileTime
SetThreadPriority
FindFirstFileW
FindNextFileW
SetFileAttributesW
LocalAlloc
FlushFileBuffers
LoadLibraryW
GetCommandLineW

user32

GetIconInfo
CopyIcon
GetDC
CharUpperBuffA
CharUpperBuffW
RegisterClassExA
UnregisterClassA
CreateWindowExA
DestroyWindow
DefWindowProcW
DrawIconEx
GetCursorInfo

gdi32

SelectObject
GetObjectW
BitBlt
CreateCompatibleBitmap
DeleteObject
CreateCompatibleDC
GetDIBits
GetDeviceCaps
DeleteDC

shell32

CommandLineToArgvW

ole32

CoCreateInstance
CoInitializeEx
CoSetProxyBlanket
CoInitializeSecurity

oleaut32

VariantClear
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayDestroy
SysFreeString
SysAllocString
SafeArrayGetLBound

Exports

Exports

DrawThemeIcon

Sections

.text
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

bb8f7c7fc8b521232817f0f359bdf0f2

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

gdi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 97KB - Virtual size: 96KB

.rdata Size: 18KB - Virtual size: 18KB

.data Size: 7KB - Virtual size: 7KB

.rsrc Size: 31KB - Virtual size: 30KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 97KB - Virtual size: 96KB

.rdata
Size: 18KB - Virtual size: 18KB

.data
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 31KB - Virtual size: 30KB

.reloc
Size: 3KB - Virtual size: 3KB