General

  • Target

    1920-89-0x0000000000170000-0x0000000000194000-memory.dmp

  • Size

    144KB

  • MD5

    c472e51f1d948105efba2b77e1aec98b

  • SHA1

    4b099da424b0f2436b6e8600e5eb77dcf917a867

  • SHA256

    be3064ab045747a4ee1d42fb91f2295050e44e13deb8912f262ce74b1f521404

  • SHA512

    2bffea73b862ee5b0fdc3543ed28afe68750825c495f26852a69987052344dfd6c2de16b8c2f1ee1bfdd2d075a2476e9f7d0025c4daf98264e2058c7bf076945

  • SSDEEP

    3072:rR8htqU4THlu3/jk3VADXJoce7pTBf2FjyJ:FvHluPjKmDXJbe7pTBuF+J

Score
10/10

Malware Config

Extracted

Family

qakbot

Version

404.1249

Botnet

BB29

Campaign

1685100431

C2

Signatures

  • Qakbot family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 1920-89-0x0000000000170000-0x0000000000194000-memory.dmp
    .dll windows x86

