General

  • Target

    1784-83-0x0000000000150000-0x0000000000174000-memory.dmp

  • Size

    144KB

  • MD5

    007b8fdbcc0c58d8be63d4bd4628fdc4

  • SHA1

    4a670301226027ecfd685231498ef81a64bed77d

  • SHA256

    0b3331251141897166fb13b5ddf91c43a470fa206232394140785ce3ab87bb75

  • SHA512

    59979f653c0e995d750f6694356e9e0db0c06a75ba2113e542aaa85c16c205fd616150a0d3c1a368e986bf5976ed4f93114a3fce3a17474493a012157fefa435

  • SSDEEP

    3072:HaL532eGHtnHxJtPXFBxA55JrXhcQTBfA3OLR:jnH1HxJtvFB655JLhcQTB43S

Malware Config

Extracted

Family

qakbot

Version

404.1320

Botnet

obama265

Campaign

1685436052

C2

Signatures

  • Qakbot family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 1784-83-0x0000000000150000-0x0000000000174000-memory.dmp
    .dll windows x86

