Overview

overview

10

Static

static

10

1324-55-0x...ry.dll

windows7-x64

1

1324-55-0x...ry.dll

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1324-55-0x0000000010000000-0x0000000010024000-memory.dmp

  • Size

    144KB

  • MD5

    86b52d8775a0c5fd9a3726e049647aa4

  • SHA1

    3ca36e971e31b5108c6d3eb24ce906db82785151

  • SHA256

    d4710f70212e3f6ecda3297f9ce8ab074beee2493469b94eaa6184eb01e04de6

  • SHA512

    bc2c6ed9a01a866f4aba03c196585b836c9e79e66ec731a91afc14efced1e8065836a0e08761e8e15d4d447314435c71080fb01848b225a62c536cb4a7fc953a

  • SSDEEP

    3072:QHgHsJq6uUu9VrVHl8j+YAHJYTVBHOhB8TBffMNFmg:FkwUun5lC+9HJwVBHOhB8TB3MNFf

Score
10/10
bb271683720157qakbot

Malware Config

Extracted

Family

qakbot

Version

404.1038

Botnet

BB27

Campaign

1683720157

C2

197.2.238.177:443

78.130.215.67:443

82.127.153.75:2222

96.56.197.26:2083

89.114.140.100:443

2.237.150.131:2222

69.133.162.35:443

73.29.92.128:443

70.160.67.203:443

79.77.142.22:2222

73.207.160.219:443

12.172.173.82:2087

103.212.19.254:995

188.83.251.100:443

173.61.50.155:3389

87.223.95.250:443

66.180.226.58:2222

84.108.200.161:443

81.224.201.143:2222

70.28.50.223:1194
Attributes
  • salt

    SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Signatures

  • Qakbot family
    qakbot
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 1324-55-0x0000000010000000-0x0000000010024000-memory.dmp
    .dll windows x86


    Headers

    Sections