qakbot | 523b09a6c2683d9d7bdc78042a049102798306503181a5c5efbc55c95087a2af[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

523b09a6c2683d9d7bdc78042a049102798306503181a5c5efbc55c95087a2af.dll
Size

131KB
MD5

14502c4888cf96d06062a42a7ce38e6c
SHA1

75459fcf25b63f06baadf1c25fbb74d6f2e26b7d
SHA256

523b09a6c2683d9d7bdc78042a049102798306503181a5c5efbc55c95087a2af
SHA512

b574ce6a33bc4d258575909c4b60edcfa2b225c9e007cee329767422da2c7ebc7cce7bd4c4065b1e129e3e5f62fd7120df1405e7a9b1bd04cc4dc6a9e40a5513
SSDEEP

3072:muUtexa1mQ4GH6MlnzXFAEJjsVVHcT8TBffGWpnKp:m3teP/GaMlT2EJ4VVHcT8TB3

Score

10^/10

bb23 1681201433 qakbot

Malware Config

Extracted

Family

qakbot

Version

404.919

Botnet

BB23

Campaign

1681201433

92.9.45.20:2222

23.30.22.225:50003

79.77.142.22:2222

86.45.66.141:2222

12.172.173.82:20

86.99.79.136:2222

162.248.14.107:443

23.30.22.225:443

71.31.100.192:443

86.98.23.66:443

178.175.187.254:443

90.104.151.37:2222

84.155.13.118:995

98.145.23.67:443

77.126.185.173:443

103.141.50.79:995

12.172.173.82:993

184.176.35.223:2222

70.112.206.5:443

103.42.86.42:995

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Signatures

Qakbot family
qakbot

Files

523b09a6c2683d9d7bdc78042a049102798306503181a5c5efbc55c95087a2af.dll
.dll windows x86

c5a88ca097e1b40798ff4233949b9dbf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

windowscodecs

WICMapSchemaToName
WICMapShortNameToGuid
WICMapGuidToShortName

msvcrt

localeconv
strtod
strchr
strncpy
_time64
malloc
free
memset
memchr
_strtoi64
_errno
_snprintf
_ftol2_sse
_vsnwprintf
memcpy
atol
qsort
_vsnprintf

kernel32

SwitchToThread
GetModuleHandleW
GetProcAddress
HeapCreate
HeapFree
HeapAlloc
GetModuleHandleA
LoadLibraryA
GetNumberFormatA
lstrcatW
WideCharToMultiByte
lstrlenW
LoadLibraryW
FreeLibrary
GetCommandLineW
GetVersionExA
GetSystemInfo
GetCurrentDirectoryW
GetWindowsDirectoryW
lstrcmpiA
GetSystemTimeAsFileTime
GetExitCodeProcess
FindFirstFileW
FindNextFileW
SetFileAttributesW
LocalAlloc
lstrcpynA
FlushFileBuffers
SetThreadPriority
GetTickCount
ExitThread
MoveFileW
K32GetModuleFileNameExW
lstrcmpA
DisconnectNamedPipe
GetProcessId
GetCurrentThread
CreateMutexW
lstrcatA
CreateDirectoryW
GetLastError
lstrcpynW
GetDriveTypeW
lstrcmpiW
Sleep
SetCurrentDirectoryA
GetFileAttributesW
GetCurrentProcessId
MultiByteToWideChar

user32

RegisterClassExA
UnregisterClassA
CreateWindowExA
DestroyWindow
CharUpperBuffW
CharUpperBuffA
DefWindowProcW

gdi32

CreateFontA
GdiTransparentBlt
CreateHalftonePalette
CreateFontIndirectExW
CreateEnhMetaFileA
CreateScalableFontResourceA
CreatePenIndirect
CreateSolidBrush
CreateEllipticRgn
CreateDIBPatternBrush
CreateScalableFontResourceW
CreateDIBPatternBrushPt
CreateRoundRectRgn
CreateRectRgnIndirect
CreateEllipticRgnIndirect
CreateHatchBrush
CreateBrushIndirect
CreateBitmapIndirect
GdiGetBatchLimit
CreateDIBSection
CreatePatternBrush

advapi32

CreatePrivateObjectSecurity
GetEventLogInformation
AddAccessDeniedAce
AccessCheckByTypeAndAuditAlarmA
AddAccessAllowedAceEx
EnumerateTraceGuidsEx
AccessCheckAndAuditAlarmA
ChangeServiceConfig2A
AddAccessAllowedAce
EventWriteString
EventActivityIdControl
GetAce
ConvertToAutoInheritPrivateObjectSecurity
CloseTrace
FindFirstFreeAce
EventWrite
EventWriteEx
AddAuditAccessObjectAce
EqualDomainSid
EventWriteTransfer

shell32

CommandLineToArgvW

ole32

CoInitializeSecurity
CoSetProxyBlanket
CoInitializeEx
CoCreateInstance

oleaut32

SafeArrayGetUBound
VariantClear
SafeArrayGetLBound
SysFreeString
SysAllocString
SafeArrayGetElement
SafeArrayDestroy

Exports

Exports

Nikn

Sections

.text
Size: 96KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

c5a88ca097e1b40798ff4233949b9dbf

Headers

File Characteristics

Imports

windowscodecs

msvcrt

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 96KB - Virtual size: 100KB

.rdata Size: 20KB - Virtual size: 20KB

.data Size: 8KB - Virtual size: 12KB

.rsrc Size: 2KB - Virtual size: 4KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 96KB - Virtual size: 100KB

.rdata
Size: 20KB - Virtual size: 20KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 2KB - Virtual size: 4KB

.reloc
Size: 3KB - Virtual size: 3KB