qakbot | 1700-55-0x00000000001E0000-0x0000000000204000-memory[.]dmp

General

Target

1700-55-0x00000000001E0000-0x0000000000204000-memory.dmp
Size

144KB
MD5

eddaf5785d4ae321f5a73f967d7896c7
SHA1

9f1adf455310912f0a187e5082f38e31182baa96
SHA256

4f48dd64fbb28eb1b01daeee1b339386181cb3a0566e24da954d410bd469f7a0
SHA512

2ca85c1f94f59720c0e3ca8303ae8041bcc8baae2ab27c83235b0221219741390b12f6bcace0301fb86598399c1b66242874a4cfe1d93b9cb4a5dab6d4baaf77
SSDEEP

3072:aB6GqSbBtB1aC+0Qd66CAO/Jor7NcTBfwcsLu:gVtBo0a66HO/Jc7NcTBocU

Score

10^/10

bb30 1685604052 qakbot

Malware Config

Extracted

Family

qakbot

Version

404.1346

Botnet

BB30

Campaign

1685604052

C2

47.199.241.39:443

93.147.235.8:443

75.141.227.169:443

45.243.142.31:995

79.92.15.6:443

85.104.105.67:443

89.129.109.27:2222

86.176.83.44:2222

24.234.220.88:993

89.32.156.5:995

12.172.173.82:22

103.101.203.177:443

70.28.50.223:2083

98.187.21.2:443

70.49.205.198:2222

96.56.197.26:2222

92.9.45.20:2222

86.195.14.72:2222

172.115.17.50:443

100.4.163.158:2222

Signatures

Qakbot family
qakbot

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1700-55-0x00000000001E0000-0x0000000000204000-memory.dmp

Files

1700-55-0x00000000001E0000-0x0000000000204000-memory.dmp
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

File Characteristics

Sections

.text Size: 98KB - Virtual size: 97KB

.rdata Size: 18KB - Virtual size: 17KB

.data Size: 8KB - Virtual size: 8KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 98KB - Virtual size: 97KB

.rdata
Size: 18KB - Virtual size: 17KB

.data
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 3KB