qakbot | 0307ab4d314e349614030c4fde71a9d5f0fba388efcc24dd621ccf8466166c8f[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

0307ab4d314e349614030c4fde71a9d5f0fba388efcc24dd621ccf8466166c8f.dll
Size

133KB
MD5

1274c28cd397874482b003818a1289d1
SHA1

be7c58d18a5d10dd7e3571fe8a7019382fa89b5a
SHA256

0307ab4d314e349614030c4fde71a9d5f0fba388efcc24dd621ccf8466166c8f
SHA512

7f322e636e2d1f4ae143f474674a90388ab410156097334482108f115360e97adf27a5a2ffee418365ba3981a251d6627159acf2699d9901f0468b879762a87c
SSDEEP

3072:SQNbnQ4MnC3pDGCjZJzkWjGRAuJjen68TBfPOo/q:Sp4MnCZCCViWjGauJyn68TBHOo/q

Score

10^/10

tok01 1676453967 qakbot

Malware Config

Extracted

Family

qakbot

Version

404.510

Botnet

tok01

Campaign

1676453967

75.143.236.149:443

85.61.165.153:2222

103.231.216.238:443

181.118.206.65:995

183.87.163.165:443

98.145.23.67:443

150.107.231.59:2222

122.184.143.82:443

82.127.204.82:2222

136.244.25.165:443

50.68.204.71:443

162.248.14.107:443

114.79.180.14:995

75.98.154.19:443

86.130.9.232:2222

124.122.56.144:443

85.241.180.94:443

2.99.47.198:2222

109.150.179.236:2222

73.29.92.128:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Signatures

Qakbot family
qakbot

Files

0307ab4d314e349614030c4fde71a9d5f0fba388efcc24dd621ccf8466166c8f.dll
.dll windows x86

1bd51003f5494b32d39257bf6bbbb175

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

windowscodecs

WICMapSchemaToName
WICMapShortNameToGuid
WICMapGuidToShortName

msvcrt

localeconv
strtod
strchr
strncpy
_time64
malloc
free
memset
memchr
_strtoi64
_errno
_snprintf
_ftol2_sse
_vsnwprintf
memcpy
atol
qsort
_vsnprintf

kernel32

SwitchToThread
GetModuleHandleW
GetProcAddress
HeapCreate
HeapFree
HeapAlloc
GetModuleHandleA
lstrlenW
MultiByteToWideChar
lstrcatW
WideCharToMultiByte
LoadLibraryW
FreeLibrary
GetCommandLineW
GetVersionExA
GetSystemInfo
GetCurrentDirectoryW
GetWindowsDirectoryW
lstrcmpiA
GetSystemTimeAsFileTime
FindFirstFileW
FindNextFileW
SetFileAttributesW
GetExitCodeProcess
LocalAlloc
lstrcpynA
FlushFileBuffers
SetThreadPriority
GetTickCount
MoveFileW
K32GetModuleFileNameExW
lstrcmpA
DisconnectNamedPipe
GetProcessId
GetCurrentThread
DuplicateHandle
CreateMutexW
lstrcatA
CreateDirectoryW
GetLastError
lstrcpynW
GetDriveTypeW
lstrcmpiW
Sleep
SetCurrentDirectoryA
GetLocaleInfoA
GetFileAttributesW
GetCurrentProcessId
LoadLibraryA

user32

RegisterClassExA
UnregisterClassA
CreateWindowExA
DestroyWindow
CharUpperBuffW
CharUpperBuffA
DefWindowProcW

gdi32

CreatePatternBrush
GdiTransparentBlt
CreateHalftonePalette
CreateFontIndirectExW
CreateEnhMetaFileA
CreateScalableFontResourceA
CreatePenIndirect
CreateSolidBrush
CreateEllipticRgn
CreateDIBPatternBrush
CreateDIBPatternBrushPt
CreateRoundRectRgn
CreateRectRgnIndirect
CreateEllipticRgnIndirect
CreateHatchBrush
CreateBrushIndirect
CreateBitmapIndirect
GdiGetBatchLimit
CreateDIBSection
CreateFontA
CreateScalableFontResourceW

advapi32

CreatePrivateObjectSecurity
GetEventLogInformation
AddAccessDeniedAce
BuildTrusteeWithSidA
AccessCheckByTypeAndAuditAlarmA
AddAccessAllowedAceEx
EnumerateTraceGuidsEx
AccessCheckAndAuditAlarmA
ChangeServiceConfig2A
AddAccessAllowedAce
EventWriteString
EventActivityIdControl
ConvertToAutoInheritPrivateObjectSecurity
GetAce
FindFirstFreeAce
EventWrite
EventWriteEx
AddAuditAccessObjectAce
EqualDomainSid
EventWriteTransfer
CloseTrace

shell32

CommandLineToArgvW

ole32

CoInitializeSecurity
CoSetProxyBlanket
CoInitializeEx
CoCreateInstance

oleaut32

SafeArrayGetUBound
VariantClear
SafeArrayGetLBound
SysFreeString
SysAllocString
SafeArrayGetElement
SafeArrayDestroy

Exports

Exports

Wind

Sections

.text
Size: 99KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

1bd51003f5494b32d39257bf6bbbb175

Headers

File Characteristics

Imports

windowscodecs

msvcrt

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 99KB - Virtual size: 100KB

.rdata Size: 20KB - Virtual size: 20KB

.data Size: 7KB - Virtual size: 8KB

.rsrc Size: 2KB - Virtual size: 4KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 99KB - Virtual size: 100KB

.rdata
Size: 20KB - Virtual size: 20KB

.data
Size: 7KB - Virtual size: 8KB

.rsrc
Size: 2KB - Virtual size: 4KB

.reloc
Size: 3KB - Virtual size: 3KB