General

  • Target

    1968-83-0x0000000000210000-0x0000000000234000-memory.dmp

  • Size

    144KB

  • MD5

    aab949188e9cd3b7fd6da1fe2d886ea7

  • SHA1

    ecc2421e9e89c211b98ce08d1ea95ff9abdceb30

  • SHA256

    746f4267a5c324e7563b84e47c4bb569965506d851228876e15929a5379c4d08

  • SHA512

    180f79f74a8d1bdd8383d42a9bd70b15030950c2daab15051b3afffdc75030cc56701b1d0078df0266bf8ff3c72219c1f0d59180aa417dd88a8d64381ad20c51

  • SSDEEP

    3072:BBQh8mKD9rrMltxcnhDAV7JiO6tpTBfi7jyJ:jlRrrMjxkkV7Jj6tpTBa7+J

Score
10/10

Malware Config

Extracted

Family

qakbot

Version

404.1249

Botnet

BB29

Campaign

1685100431

C2

Signatures

  • Qakbot family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 1968-83-0x0000000000210000-0x0000000000234000-memory.dmp
    .dll windows x86

