qakbot | 3[.]s

Sharing

Copy URL

Twitter E-mail

General

Target

3.s
Size

155KB
MD5

8ef4f8378e46810e6fee986edd2ab86e
SHA1

10ddd3259795fe6ec44cc9ce46626682ea10aab9
SHA256

e531467aa967ee9d535e479633257a583ee655acd1c53618ecbaf44731bb9af8
SHA512

19c7c556e092a8b4ae0707e89e54400f65b209da8ad4974b92138cceca1d7d593b56b06f81f58f1f1a712377b3cd2a3ef138b5d2ff89b7893ae2e7b251d4dc1f
SSDEEP

3072:yraaktuZFO86/lFIYAwJ96VFHT8TBffkyH:0bO8El+9wJYVFHT8TB3f

Score

10^/10

notset 1681806702 qakbot

Malware Config

Extracted

Family

qakbot

Version

404.999

Botnet

notset

Campaign

1681806702

67.10.2.240:995

172.248.42.122:443

12.172.173.82:21

76.86.31.59:443

24.139.11.137:443

74.66.134.24:443

86.178.33.125:2222

198.2.51.242:993

124.246.122.199:2222

50.68.204.71:995

12.172.173.82:465

184.182.66.109:443

105.184.209.7:995

100.6.31.96:443

139.226.47.229:995

175.156.65.126:2222

161.142.104.40:995

122.184.143.85:443

125.99.69.178:443

86.99.49.64:2222

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Signatures

Qakbot family
qakbot

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3.s

Files

3.s
.dll windows x86

0141f24aaf1b810b9fcc5f6886f26f14

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

windowscodecs

WICMapSchemaToName
WICMapShortNameToGuid
WICMapGuidToShortName

msvcrt

localeconv
strtod
strchr
strncpy
_time64
malloc
free
memset
memchr
_strtoi64
_errno
_snprintf
_ftol2_sse
_vsnwprintf
memcpy
atol
qsort
_vsnprintf

kernel32

SwitchToThread
GetModuleHandleW
GetProcAddress
HeapCreate
HeapFree
HeapAlloc
GetModuleHandleA
LoadLibraryA
GetNumberFormatA
lstrcatW
WideCharToMultiByte
FindFirstFileW
FindNextFileW
SetFileAttributesW
lstrlenW
LoadLibraryW
FreeLibrary
GetCommandLineW
GetVersionExA
GetSystemInfo
GetCurrentDirectoryW
GetWindowsDirectoryW
lstrcmpiA
GetSystemTimeAsFileTime
GetExitCodeProcess
LocalAlloc
ExitThread
FlushFileBuffers
SetThreadPriority
GetTickCount
MoveFileW
K32GetModuleFileNameExW
lstrcmpA
lstrcpynA
DisconnectNamedPipe
GetProcessId
GetCurrentThread
CreateMutexW
lstrcatA
CreateDirectoryW
lstrcpynW
GetLastError
GetDriveTypeW
lstrcmpiW
Sleep
SetCurrentDirectoryA
GetFileAttributesW
GetCurrentProcessId
MultiByteToWideChar

user32

RegisterClassExA
UnregisterClassA
CreateWindowExA
DestroyWindow
CharUpperBuffW
CharUpperBuffA
DefWindowProcW

gdi32

CreateFontA
GdiTransparentBlt
CreateHalftonePalette
CreateFontIndirectExW
CreateEnhMetaFileA
CreateScalableFontResourceA
CreatePenIndirect
CreateSolidBrush
CreateEllipticRgn
CreateDIBPatternBrush
CreateScalableFontResourceW
CreateDIBPatternBrushPt
CreateRoundRectRgn
CreateRectRgnIndirect
CreateEllipticRgnIndirect
CreateHatchBrush
CreateBrushIndirect
CreateBitmapIndirect
GdiGetBatchLimit
CreateDIBSection
CreatePatternBrush

advapi32

CreatePrivateObjectSecurity
GetEventLogInformation
AddAccessDeniedAce
AccessCheckByTypeAndAuditAlarmA
AddAccessAllowedAceEx
EnumerateTraceGuidsEx
AccessCheckAndAuditAlarmA
ChangeServiceConfig2A
AddAccessAllowedAce
EventWriteString
EventActivityIdControl
GetAce
ConvertToAutoInheritPrivateObjectSecurity
CloseTrace
FindFirstFreeAce
EventWrite
EventWriteEx
AddAuditAccessObjectAce
EqualDomainSid
EventWriteTransfer

shell32

CommandLineToArgvW

ole32

CoInitializeSecurity
CoSetProxyBlanket
CoInitializeEx
CoCreateInstance

oleaut32

SafeArrayGetUBound
VariantClear
SafeArrayGetLBound
SysFreeString
SysAllocString
SafeArrayGetElement
SafeArrayDestroy

Exports

Exports

Nikn

Sections

.text
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

0141f24aaf1b810b9fcc5f6886f26f14

Headers

File Characteristics

Imports

windowscodecs

msvcrt

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 97KB - Virtual size: 97KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 8KB - Virtual size: 8KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 97KB - Virtual size: 97KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 3KB