General

  • Target

    1616-55-0x00000000004A0000-0x00000000004C4000-memory.dmp

  • Size

    144KB

  • MD5

    07b0f64c111380dec93f82c6a8b7c910

  • SHA1

    c57d3068c569c6b8c4bc2470d0db7431a673dbbc

  • SHA256

    4f4da70d869b82980861955e4f6fdd77aca77482708ab517b4adbf6ae97271eb

  • SHA512

    f2b7bb95b2e77c9c19de0405d4636394011d8473b33208fdbe1dd3fb85058a3a7da496aa69a08a075220b7df158fd371d368fa849d4f93b7fd69cf330707636c

  • SSDEEP

    3072:GCfXwN8O5iVEe2e/n+RXA3Jh0fHkTBfPxJzho:hfcF5iee2knOQ3J+fHkTBHxV

Score
10/10

Malware Config

Extracted

Family

qakbot

Version

404.909

Botnet

BB22

Campaign

1680688614

C2

Attributes
  • salt

    SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Signatures

  • Qakbot family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 1616-55-0x00000000004A0000-0x00000000004C4000-memory.dmp
    .dll windows x86

