Behavioral task
behavioral1
Sample
4564-155-0x0000000010000000-0x0000000010023000-memory.dll
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
4564-155-0x0000000010000000-0x0000000010023000-memory.dll
Resource
win10v2004-20220812-en
General
Target: 4564-155-0x0000000010000000-0x0000000010023000-memory.dmp
Size: 140KB
MD5: dcb3483a8843d5335233a571096f7b2f
SHA1: f3fdd51477f1134de2a68f79de077761f340837e
SHA256: 57d6276da0abf835d82cbb6e661f3aae98511f4527a176f94c4882f0abc160d9
SHA512: 07d2f71263dd2890c996c37f94bf92d7f0577daadb14fc13c96b6e2b83d0fc9afd1d4be7a2d2aed87d2862cf2e4122009c067eefcca3412f3c9761d9f8ea3165
SSDEEP: 3072:fYsvVxGf6etSkipCRP2HSxGRA7JiGnwH8TBfPfYZzc:fPuf6ecDC1xGa7JfnwH8TBHAZzc
Malware Config
Extracted
qakbot
404.492
BB14
1675755007
-
salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP
Signatures
-
Qakbot family
Files
-
4564-155-0x0000000010000000-0x0000000010023000-memory.dmp.dll windows x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 99KB - Virtual size: 99KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ