General

  • Target

    1664-135-0x00000000025F0000-0x0000000002614000-memory.dmp

  • Size

    144KB

  • MD5

    17c3f09ada58bab6f8a5a99e8aeb0dda

  • SHA1

    6ab2ead18ded5f079b73c1b965e9fc4f6bd5670c

  • SHA256

    99f4e69547825a4142deb88fa0a51ab042589b14e83b7bb9d2e983aeaec4afed

  • SHA512

    1059ab0b6ddc551b166db36892a1adc499c59f833b727a9842a6b790890b5b956b9bf901300aad77d6ee5342cd3cce808dbe4f1d7c3a02a6d8de3fd27591a169

  • SSDEEP

    3072:ju2U5b2bjWk3NDjXVAdhJf/lOMTBfwVFWLL:xlbjWgNXXmdhJXlOMTBIPK

Score
10/10

Malware Config

Extracted

Family

qakbot

Version

404.1320

Botnet

BB30

Campaign

1685433861

C2

Signatures

  • Qakbot family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 1664-135-0x00000000025F0000-0x0000000002614000-memory.dmp
    .dll windows x86

