General

  • Target

    300-63-0x0000000000130000-0x0000000000154000-memory.dmp

  • Size

    144KB

  • MD5

    6724a33f66fe0b77224d284ef7ed8ca4

  • SHA1

    7e32331ddfea3738ac6366037bea8b515a8abf92

  • SHA256

    0933f0d584c05f71f5796a126a48c4f5896fcfc9fb58749b34055ff8387bc021

  • SHA512

    20d525e5a400ed6c87c28d3e15d03be3d0a7bbaae0dcf9bb7152b68e00ec93b9b8d3e92afa14b00f4aad3a2d7da01e5bc594a0e29ce047beed7f4122ab5b47a4

  • SSDEEP

    3072:HpMhIoOjBC77Xk7JA33J84uwY5TBf2hLyJ:JbjBCHXuC33J7uH5TBuhmJ

Score
10/10

Malware Config

Extracted

Family

qakbot

Version

404.1249

Botnet

BB29

Campaign

1685100431

C2

Signatures

  • Qakbot family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 300-63-0x0000000000130000-0x0000000000154000-memory.dmp
    .dll windows x86

