DllInstall
DllRegisterServer
General
-
Target
CryptOne_Exec_6f022109b692878e6e1c4871270d4d90cf54d315fb6010fabb941d6bc6c0012c.bin
-
Size
157KB
-
MD5
354f81a72e3e2ddc03fa86f155b19474
-
SHA1
96b65805c3a2fde0a4b9d4570d1a39499c0c68b0
-
SHA256
00ccb81a87edee4c73b6f6984ddc4ae72d3372858bd1ae1cf4f8824746efe888
-
SHA512
02b2d6216ceb896f02cb883feed9f912612d97e54286f4f677bfad07053f864429ef46855cc2fdb2d38fd3d78284ef872475b8e733e4d3e50292489ed21239e5
-
SSDEEP
3072:JxkBIz2m1NT0znxB8AXJHrzl/TBfZvgKEO/yan:UTGeznxBZXJLzl/TBRvtv/f
Score
10/10
Malware Config
Extracted
Family
qakbot
Version
404.20
Botnet
BB05
Campaign
1667543522
C2
190.199.161.250:993
92.25.139.40:443
157.231.42.190:995
186.73.140.43:443
70.66.199.12:443
216.82.134.218:443
174.77.209.5:443
139.216.164.122:443
91.169.12.198:32100
139.5.239.14:443
50.37.149.215:443
74.92.243.113:995
74.92.243.113:50000
49.175.72.56:443
24.142.218.202:443
136.232.184.134:995
181.118.183.103:443
174.101.111.4:443
47.34.30.133:443
41.44.11.227:995
89.216.114.179:443
80.0.74.165:443
92.239.222.177:443
94.60.141.48:995
64.207.237.118:443
72.53.103.56:443
174.104.184.149:443
203.217.65.6:443
86.225.214.138:2222
45.49.137.80:443
76.68.34.167:2222
92.24.200.226:995
144.202.15.58:443
74.33.84.227:443
201.102.237.203:443
41.96.68.5:443
73.29.92.128:443
84.209.52.11:443
50.68.204.71:443
58.247.115.126:995
201.192.179.221:443
105.184.161.175:443
212.251.122.147:995
2.103.22.24:443
41.230.166.34:995
65.25.116.200:443
99.254.117.30:443
184.153.132.82:443
154.247.15.173:995
154.247.15.173:32103
154.247.15.173:993
193.3.19.137:443
142.115.159.36:2222
190.18.236.175:443
91.138.17.202:443
67.10.175.47:2222
84.113.121.103:443
157.231.42.190:443
73.165.119.20:443
190.24.45.24:995
187.199.171.252:32103
73.36.196.11:443
75.156.125.215:995
50.68.204.71:993
36.152.128.7:2078
24.69.87.61:443
58.162.223.233:443
94.63.65.146:443
75.99.125.238:2222
190.36.189.154:2222
50.68.204.71:995
24.4.239.157:443
174.0.224.214:443
24.206.27.39:443
136.244.25.165:443
24.64.114.59:2222
90.104.22.28:2222
84.35.26.14:995
197.204.243.188:443
175.205.2.54:443
184.162.156.115:2222
190.79.133.56:2222
24.64.114.59:3389
75.98.154.19:443
85.61.165.153:2222
200.233.108.153:995
70.181.149.227:443
85.59.61.52:2222
70.64.77.115:443
151.237.76.117:443
72.80.249.39:995
190.29.228.61:443
151.30.53.233:443
46.229.194.17:443
73.60.227.230:443
75.141.227.169:443
173.238.202.233:443
50.86.217.209:443
98.145.23.67:443
173.32.181.236:443
87.220.68.51:2222
187.135.153.221:2222
190.204.83.110:2222
58.186.75.42:443
206.1.199.69:2087
190.27.77.14:995
46.190.93.247:50000
91.165.188.74:50000
94.49.5.116:443
110.23.76.9:2222
174.58.146.57:443
190.74.248.136:443
73.88.173.113:443
190.203.11.218:443
24.232.88.41:443
27.33.237.105:443
173.209.185.159:443
86.157.12.148:443
Attributes
-
salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP
Signatures
-
Qakbot family
Files
-
CryptOne_Exec_6f022109b692878e6e1c4871270d4d90cf54d315fb6010fabb941d6bc6c0012c.bin.dll regsvr32 windows x86
243b9f9082a56e7680f2feb8bfe22095
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
memchr
_strtoi64
_errno
_snprintf
qsort
_vsnprintf
memset
_time64
_vsnwprintf
malloc
strncpy
strchr
strtod
localeconv
_ftol2_sse
free
atol
memcpy
kernel32
GetTickCount
GetModuleHandleA
GetWindowsDirectoryW
GetCurrentDirectoryW
GetSystemInfo
GetVersionExA
CreateMutexW
DuplicateHandle
GetCurrentThread
lstrcmpA
GetLastError
lstrcatA
GetLocaleInfoA
CreateDirectoryW
DisconnectNamedPipe
lstrcpynW
GetProcessId
lstrcatW
lstrcpyW
GetFileAttributesW
SetCurrentDirectoryA
Sleep
lstrcmpiW
GetDriveTypeW
K32GetModuleFileNameExW
MoveFileW
lstrcpynA
lstrlenW
GetCurrentProcessId
SwitchToThread
GetModuleHandleW
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
HeapCreate
HeapFree
HeapAlloc
LoadLibraryA
FreeLibrary
lstrcmpiA
GetSystemTimeAsFileTime
SetThreadPriority
GetExitCodeProcess
FindFirstFileW
FindNextFileW
SetFileAttributesW
LocalAlloc
FlushFileBuffers
LoadLibraryW
GetCommandLineW
user32
GetIconInfo
CopyIcon
GetDC
CharUpperBuffA
CharUpperBuffW
RegisterClassExA
UnregisterClassA
CreateWindowExA
DestroyWindow
DefWindowProcW
DrawIconEx
GetCursorInfo
gdi32
SelectObject
GetObjectW
BitBlt
CreateCompatibleBitmap
DeleteObject
CreateCompatibleDC
GetDIBits
GetDeviceCaps
DeleteDC
shell32
CommandLineToArgvW
ole32
CoCreateInstance
CoInitializeEx
CoSetProxyBlanket
CoInitializeSecurity
oleaut32
VariantClear
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayDestroy
SysFreeString
SysAllocString
SafeArrayGetLBound
Exports
Exports
Sections
.text Size: 96KB - Virtual size: 96KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 31KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ