qakbot | quak[.]dll

Resubmissions

20-03-2023 20:10

230320-yx3gcafc24 10

20-03-2023 10:43

230320-msm1bafa5t 10

20-03-2023 10:23

230320-me3hvach68 10

18-03-2023 10:19

230318-mcwyaaea3z 10

Sharing

Copy URL

Twitter E-mail

General

Target

quak.dll
Size

216KB
MD5

58e1c32eeb0130da19625e55ee48cf1e
SHA1

00ae1c5066f67e5e71285de99bea8d8b67085743
SHA256

f5ff6dbf5206cc2db098b41f5af14303f6dc43e36c5ec02604a50d5cfecf4790
SHA512

31ea3186c3c7b77f815e1bc060add4a6c7b3abddf98c5a615a5779472ea46eeacfe256286f8dd741deb29d1d43889f05854462ba621f0f5065cd1e36b61478f2
SSDEEP

3072:4FCXMfyhFPZ8H7kJiIceKozOMeNJwOUJCfUfWcxQvAKChQztvWZZOtyFb8e:lXPFP6HWriMeN2rJCyWVDhM55

Score

10^/10

spx143 1592482956 qakbot

Malware Config

Extracted

Family

qakbot

Version

324.142

Botnet

spx143

Campaign

1592482956

39.36.254.179:995

24.139.132.70:443

24.202.42.48:2222

72.204.242.138:443

172.242.156.50:995

72.204.242.138:20

68.174.15.223:443

74.193.197.246:443

96.56.237.174:990

64.19.74.29:995

70.168.130.172:443

189.236.166.167:443

68.4.137.211:443

76.187.8.160:443

76.86.57.179:2222

73.226.220.56:443

67.250.184.157:443

75.183.171.155:3389

173.172.205.216:443

173.3.132.17:995

Signatures

Qakbot family
qakbot

Files

quak.dll
.exe windows x86

f83b544e96ab46c08e00b6dc80fbb352

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

userenv

GetUserProfileDirectoryW

ole32

CoInitialize
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoUninitialize
CoCreateInstance

shell32

SHGetFolderPathW
CommandLineToArgvW
ShellExecuteW

setupapi

SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsA
SetupDiGetDeviceRegistryPropertyA

kernel32

GetLastError
GetProcAddress
LoadLibraryA
lstrcmpiW
GetModuleHandleA
CloseHandle
GetCurrentProcessId
GetEnvironmentVariableW
lstrlenA
WideCharToMultiByte
lstrcatA
GetEnvironmentVariableA
MultiByteToWideChar
lstrlenW
lstrcatW
lstrcpyA
HeapAlloc
HeapFree
HeapCreate
VirtualAlloc
GetFileSize
lstrcmpiA
GetModuleFileNameA
GetThreadContext
GetCurrentProcess
CreateEventA
LoadLibraryW
TerminateProcess
DeleteFileW
ResumeThread
ExpandEnvironmentStringsW
GetComputerNameW
GetVolumeInformationW
ReleaseMutex
GetExitCodeProcess
GetSystemTimeAsFileTime
SetEnvironmentVariableW
GetTickCount
GetModuleFileNameW
GetSystemInfo
SetEnvironmentVariableA
GetVersionExA
GetWindowsDirectoryW
SetEvent
OpenEventA
CopyFileW
TerminateThread
CreateThread
GetFileAttributesA
GetFileAttributesW
GetCurrentThread
LocalAlloc
GetLocalTime
LocalFree
lstrcpyW
CreateDirectoryW
SleepEx
WaitForSingleObject
FreeLibrary
GetDriveTypeW
lstrcmpA
GetCommandLineW
ExitProcess
lstrcpynW
Sleep
SystemTimeToFileTime
GetSystemTime
GetModuleHandleW
CreateMutexA

user32

CharUpperBuffA
MessageBoxA
GetClassNameA
CharUpperBuffW

advapi32

RegOpenKeyExW
RegEnumValueW
RegDeleteValueW
RegQueryInfoKeyW
LookupAccountNameW
EqualSid
SetServiceStatus
RegUnLoadKeyW
RegLoadKeyW
ConvertSidToStringSidW
RegSetValueExW
RegQueryValueExW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetTokenInformation
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
RegCloseKey
SetFileSecurityW
OpenProcessToken
GetSidSubAuthority
OpenThreadToken
GetSidSubAuthorityCount
LookupAccountSidW
CreateProcessAsUserW

msvcrt

_vsnprintf
_ltoa
_except_handler3
memset
_vsnwprintf
memcpy

netapi32

NetApiBufferFree
NetUserEnum
NetGetDCName

Sections

.text
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Extracted

Signatures

Files

f83b544e96ab46c08e00b6dc80fbb352

Headers

DLL Characteristics

File Characteristics

Imports

userenv

ole32

shell32

setupapi

kernel32

user32

advapi32

msvcrt

netapi32

Sections

.text Size: 38KB - Virtual size: 38KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 1KB - Virtual size: 9KB

.rsrc Size: 152KB - Virtual size: 151KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 38KB - Virtual size: 38KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 1KB - Virtual size: 9KB

.rsrc
Size: 152KB - Virtual size: 151KB

.reloc
Size: 3KB - Virtual size: 2KB