qakbot | Unpacked_Hash_a8a8ebe59ca3a4f61f37679c8d109a99cb365f0400c5061cc7149d5c9f3a2213[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

Unpacked_Hash_a8a8ebe59ca3a4f61f37679c8d109a99cb365f0400c5061cc7149d5c9f3a2213.bin
Size

132KB
MD5

12e11f7def78fc1af7d5080ac3fcd749
SHA1

23813bdfdef572603e94dd777301d4e0d99ce860
SHA256

a8a8ebe59ca3a4f61f37679c8d109a99cb365f0400c5061cc7149d5c9f3a2213
SHA512

f64b729f4111f29281b5b33bc01934e514df1f5f4e36e792bd0df1f9eb6e303704376868128a8203c149f0825683c60a6b6459e28bff4f754bd75735b5e9ad38
SSDEEP

3072:MjPR4nxKRttVbYKAk67CERzMRAPJyDnQMTBfPuq:MHRxbYK0CEMaPJynQMTBHN

Score

10^/10

obama243 1678889958 qakbot

Malware Config

Extracted

Family

qakbot

Version

404.263

Botnet

obama243

Campaign

1678889958

91.196.69.245:443

90.104.22.28:2222

37.14.229.220:2222

88.126.94.4:50000

92.159.173.52:2222

122.184.143.85:443

85.61.165.153:2222

86.195.14.72:2222

92.154.17.149:2222

47.203.229.168:443

98.187.21.2:443

70.51.152.61:2222

91.68.227.219:443

92.154.45.81:2222

88.122.133.88:32100

98.147.155.235:443

91.254.229.61:443

213.31.90.183:2222

174.118.36.28:443

197.14.148.149:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Signatures

Qakbot family
qakbot

Files

Unpacked_Hash_a8a8ebe59ca3a4f61f37679c8d109a99cb365f0400c5061cc7149d5c9f3a2213.bin
.dll windows x86

b70e2d870f81cd9daf7c6a2654df653e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

windowscodecs

WICMapSchemaToName
WICMapShortNameToGuid
WICMapGuidToShortName

msvcrt

localeconv
strtod
strchr
strncpy
_time64
malloc
free
memset
memchr
_strtoi64
_errno
_snprintf
_ftol2_sse
_vsnwprintf
memcpy
atol
qsort
_vsnprintf

kernel32

GetModuleHandleW
GetProcAddress
HeapCreate
HeapFree
HeapAlloc
GetModuleHandleA
LoadLibraryA
GetCurrentProcessId
lstrcatW
WideCharToMultiByte
LoadLibraryW
FreeLibrary
GetCommandLineW
GetVersionExA
GetSystemInfo
GetCurrentDirectoryW
GetWindowsDirectoryW
lstrcmpiA
GetSystemTimeAsFileTime
FindFirstFileW
FindNextFileW
SetFileAttributesW
GetExitCodeProcess
LocalAlloc
lstrlenW
FlushFileBuffers
SetThreadPriority
GetTickCount
lstrcpynA
MoveFileW
K32GetModuleFileNameExW
lstrcmpA
DisconnectNamedPipe
GetProcessId
GetCurrentThread
CreateMutexW
lstrcatA
CreateDirectoryW
GetLastError
lstrcpynW
GetDriveTypeW
lstrcmpiW
Sleep
SetCurrentDirectoryA
GetLocaleInfoA
GetFileAttributesW
SwitchToThread
MultiByteToWideChar

user32

RegisterClassExA
UnregisterClassA
CreateWindowExA
DestroyWindow
CharUpperBuffW
CharUpperBuffA
DefWindowProcW

gdi32

CreatePatternBrush
GdiTransparentBlt
CreateHalftonePalette
CreateFontIndirectExW
CreateEnhMetaFileA
CreateScalableFontResourceA
CreatePenIndirect
CreateSolidBrush
CreateEllipticRgn
CreateDIBPatternBrush
CreateDIBPatternBrushPt
CreateRoundRectRgn
CreateRectRgnIndirect
CreateEllipticRgnIndirect
CreateHatchBrush
CreateBrushIndirect
CreateBitmapIndirect
GdiGetBatchLimit
CreateDIBSection
CreateFontA
CreateScalableFontResourceW

advapi32

CreatePrivateObjectSecurity
GetEventLogInformation
AddAccessDeniedAce
BuildTrusteeWithSidA
AccessCheckByTypeAndAuditAlarmA
AddAccessAllowedAceEx
EnumerateTraceGuidsEx
AccessCheckAndAuditAlarmA
ChangeServiceConfig2A
AddAccessAllowedAce
EventWriteString
EventActivityIdControl
ConvertToAutoInheritPrivateObjectSecurity
GetAce
FindFirstFreeAce
EventWrite
EventWriteEx
AddAuditAccessObjectAce
EqualDomainSid
EventWriteTransfer
CloseTrace

shell32

CommandLineToArgvW

ole32

CoInitializeSecurity
CoSetProxyBlanket
CoInitializeEx
CoCreateInstance

oleaut32

SafeArrayGetUBound
VariantClear
SafeArrayGetLBound
SysFreeString
SysAllocString
SafeArrayGetElement
SafeArrayDestroy

Exports

Exports

ABC123
XS88
a782
mqmq

Sections

.text
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

b70e2d870f81cd9daf7c6a2654df653e

Headers

File Characteristics

Imports

windowscodecs

msvcrt

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 98KB - Virtual size: 98KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 8KB - Virtual size: 7KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 98KB - Virtual size: 98KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 3KB