N115
General
-
Target
620000.dll
-
Size
132KB
-
MD5
69668f3656bb65ddead802f59a080f89
-
SHA1
4fba463110baefa743d58dd8308704cdf95ccfc6
-
SHA256
a414605d5cdeec5193fe37db5f1a6251b4ecc7218d6ab37be96f225b2815634a
-
SHA512
084ba8458c64cd63b96be1bd91825c3ffdc4ec4c4c0d99ccf3b54e2b96987454b71492edf9ac305791e626da18cd821b7c3a5687999ad6076760de3cd2dbc3b6
-
SSDEEP
3072:lbZACs0bYJJZAGL6a+J5iLsvz+4rgCBojVXwmqgAeJzjnOwTBfPafInLR:lbd4JZAcFC8kVeJ/nOwTBHdnV
Score
10/10
Malware Config
Extracted
Family
qakbot
Version
404.9
Botnet
BB16
Campaign
1677046917
C2
47.21.51.138:443
72.80.7.6:50003
82.127.204.82:2222
49.175.72.56:443
201.244.108.183:995
122.184.143.82:443
102.156.253.86:443
74.58.71.237:443
47.21.51.138:995
77.86.98.236:443
71.31.101.183:443
136.232.184.134:995
86.225.214.138:2222
95.242.101.251:995
109.11.175.42:2222
90.78.138.217:2222
184.176.35.223:2222
35.143.97.145:995
202.186.177.88:443
114.79.180.14:995
86.150.47.219:443
183.87.163.165:443
50.68.186.195:443
190.75.95.164:2222
98.145.23.67:443
67.10.175.47:2222
71.212.147.224:2222
88.126.94.4:50000
103.140.174.19:2222
103.231.216.238:443
78.84.123.237:995
180.151.108.14:443
80.47.57.131:2222
198.2.51.242:993
50.68.204.71:995
205.164.227.222:443
147.219.4.194:443
77.124.6.149:443
49.245.82.178:2222
46.10.198.107:443
76.80.180.154:995
12.172.173.82:32101
68.150.18.161:443
68.173.170.110:8443
24.9.220.167:443
12.172.173.82:2087
50.68.204.71:993
107.146.12.26:2222
81.229.117.95:2222
27.0.48.233:443
69.133.162.35:443
59.28.84.65:443
76.170.252.153:995
89.32.159.192:995
202.142.98.62:995
73.78.215.104:443
181.164.217.211:443
92.97.203.51:2222
116.74.164.26:443
103.141.50.102:995
149.74.159.67:2222
116.72.250.18:443
125.99.69.178:443
202.142.98.62:443
67.61.71.201:443
103.123.223.168:443
80.13.205.69:2222
80.0.74.165:443
86.99.54.39:2222
213.67.255.57:2222
176.142.207.63:443
50.67.17.92:443
217.165.1.53:2222
70.64.77.115:443
2.50.47.74:443
66.191.69.18:995
75.143.236.149:443
197.92.136.122:443
108.190.203.42:995
50.68.204.71:443
12.172.173.82:995
70.77.116.233:443
162.248.14.107:443
75.98.154.19:443
58.247.115.126:995
184.68.116.146:61202
41.99.50.76:443
184.68.116.146:3389
72.203.216.98:2222
103.252.7.231:443
12.172.173.82:50001
70.160.80.210:443
12.172.173.82:465
12.172.173.82:21
47.34.30.133:443
202.187.232.161:995
98.147.155.235:443
124.122.56.144:443
75.141.227.169:443
103.144.201.53:2078
172.248.42.122:443
12.172.173.82:990
24.239.69.244:443
173.18.126.3:443
73.165.119.20:443
90.104.22.28:2222
14.192.241.76:995
74.33.196.114:443
74.93.148.97:995
86.202.48.142:2222
174.104.184.149:443
12.172.173.82:20
109.151.144.37:443
104.35.24.154:443
114.143.176.234:443
84.35.26.14:995
45.50.233.214:443
64.237.185.60:443
73.161.176.218:443
Attributes
-
salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP
Signatures
-
Qakbot family
Files
-
620000.dll.dll windows x86
b70e2d870f81cd9daf7c6a2654df653e
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
windowscodecs
WICMapSchemaToName
WICMapShortNameToGuid
WICMapGuidToShortName
msvcrt
localeconv
strtod
strchr
strncpy
_time64
malloc
free
memset
memchr
_strtoi64
_errno
_snprintf
_ftol2_sse
_vsnwprintf
memcpy
atol
qsort
_vsnprintf
kernel32
GetModuleHandleW
GetProcAddress
HeapCreate
HeapFree
HeapAlloc
GetModuleHandleA
LoadLibraryA
GetCurrentProcessId
lstrcatW
WideCharToMultiByte
LoadLibraryW
FreeLibrary
GetCommandLineW
GetVersionExA
GetSystemInfo
GetCurrentDirectoryW
GetWindowsDirectoryW
lstrcmpiA
GetSystemTimeAsFileTime
FindFirstFileW
FindNextFileW
SetFileAttributesW
GetExitCodeProcess
LocalAlloc
lstrlenW
FlushFileBuffers
SetThreadPriority
GetTickCount
lstrcpynA
MoveFileW
K32GetModuleFileNameExW
lstrcmpA
DisconnectNamedPipe
GetProcessId
GetCurrentThread
CreateMutexW
lstrcatA
CreateDirectoryW
GetLastError
lstrcpynW
GetDriveTypeW
lstrcmpiW
Sleep
SetCurrentDirectoryA
GetLocaleInfoA
GetFileAttributesW
SwitchToThread
MultiByteToWideChar
user32
RegisterClassExA
UnregisterClassA
CreateWindowExA
DestroyWindow
CharUpperBuffW
CharUpperBuffA
DefWindowProcW
gdi32
CreatePatternBrush
GdiTransparentBlt
CreateHalftonePalette
CreateFontIndirectExW
CreateEnhMetaFileA
CreateScalableFontResourceA
CreatePenIndirect
CreateSolidBrush
CreateEllipticRgn
CreateDIBPatternBrush
CreateDIBPatternBrushPt
CreateRoundRectRgn
CreateRectRgnIndirect
CreateEllipticRgnIndirect
CreateHatchBrush
CreateBrushIndirect
CreateBitmapIndirect
GdiGetBatchLimit
CreateDIBSection
CreateFontA
CreateScalableFontResourceW
advapi32
CreatePrivateObjectSecurity
GetEventLogInformation
AddAccessDeniedAce
BuildTrusteeWithSidA
AccessCheckByTypeAndAuditAlarmA
AddAccessAllowedAceEx
EnumerateTraceGuidsEx
AccessCheckAndAuditAlarmA
ChangeServiceConfig2A
AddAccessAllowedAce
EventWriteString
EventActivityIdControl
ConvertToAutoInheritPrivateObjectSecurity
GetAce
FindFirstFreeAce
EventWrite
EventWriteEx
AddAuditAccessObjectAce
EqualDomainSid
EventWriteTransfer
CloseTrace
shell32
CommandLineToArgvW
ole32
CoInitializeSecurity
CoSetProxyBlanket
CoInitializeEx
CoCreateInstance
oleaut32
SafeArrayGetUBound
VariantClear
SafeArrayGetLBound
SysFreeString
SysAllocString
SafeArrayGetElement
SafeArrayDestroy
Exports
Exports
Sections
.text Size: 99KB - Virtual size: 98KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ