Overview

overview

10

Static

static

10

1772-56-0x...ry.dll

windows7-x64

1

1772-56-0x...ry.dll

windows10-2004-x64

1

Sharing

Copy URL Twitter E-mail

General

  • Target

    1772-56-0x0000000000900000-0x0000000000924000-memory.dmp

  • Size

    144KB

  • MD5

    10ee080c463e43de482ea6afdd87f91b

  • SHA1

    5df7aeca1ebeee201e10e720eccfdd990dd9fa9f

  • SHA256

    a2b2e0253453203cc374a0fbeadc7271d88ae39870c8b14d5df0e8b71eae588c

  • SHA512

    24e3b625c837e526cc0a79c6c028cf6cf66ea560c7af06f1a06ed59b23f8f2cab78f4ef51c604ea55594425c5c385fa52712a4b40515468d485deddf2362234f

  • SSDEEP

    3072:wnwDHspKaOdWud1rVnFcEs+M7AHJ4PHZ8TBf/sN1Tg:FkwUuHZFi+9HJoHZ8TB3sN6

Score
10/10
bb271683811051qakbot

Malware Config

Extracted

Family

qakbot

Version

404.1038

Botnet

BB27

Campaign

1683811051

C2

113.11.92.30:443

86.130.9.208:2222

27.109.19.90:2078

70.28.50.223:32100

89.129.109.27:2222

12.172.173.82:21

70.28.50.223:2087

200.93.26.107:2222

50.68.204.71:993

12.172.173.82:32101

173.88.135.179:443

70.28.50.223:3389

86.99.48.130:2222

67.219.197.94:443

76.64.99.251:2222

86.250.12.86:2222

136.35.241.159:443

69.157.243.204:2222

216.36.153.248:443

173.176.4.133:443
Attributes
  • salt

    SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Signatures

  • Qakbot family
    qakbot
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 1772-56-0x0000000000900000-0x0000000000924000-memory.dmp
    .dll windows x86


    Headers

    Sections