General

  • Target

    1916-55-0x0000000010000000-0x0000000010024000-memory.dmp

  • Size

    144KB

  • MD5

    092c40292d24095ce53798532c23d373

  • SHA1

    a8355cb1db08f53f9f3dc965055e78e9bd423c3c

  • SHA256

    5668126c7260878faf8656f3a245a55035f0e6a0b961007c37d7120e326f03ae

  • SHA512

    5d0a7bb4b407f3ec6ae50901824ec980475d4c0efff27f8edfc021fca6e27b3b1a922174e947321e44d52089d5dcc256e69cd1574c9645e1a67c2650162d082c

  • SSDEEP

    3072:Jg0KGh5Z8j3EzihlFsUA9QJb4VMHu8TBff5u0dQ:1KGJGEz+lOB2JEVMHu8TB30wQ

Score
10/10

Malware Config

Extracted

Family

qakbot

Version

404.1035

Botnet

BB26

Campaign

1683182516

C2


Attributes
  • salt

    SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Signatures

  • Qakbot family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 1916-55-0x0000000010000000-0x0000000010024000-memory.dmp
    .dll windows x86

