qakbot | 2036-54-0x0000000000120000-0x0000000000144000-memory[.]dmp

General

Target

2036-54-0x0000000000120000-0x0000000000144000-memory.dmp
Size

144KB
MD5

9fc51ca4ebe71bf49352d1ff3fef2b47
SHA1

86ec0c992d3bd94ffcfef4e9e16c6f287bbd13b3
SHA256

bda6acf8ecc31ed9a7e3bccbcc788186872361bc8038419dcab1129c230d0375
SHA512

9cf450212e58f55ccf6826563439c1307c24176e12691bbfc9e0b72cc33ccbfa07bfd7d2c813305ba7cfb6a03931ce0963b3fb72cb079c804d086fbf7275e6c4
SSDEEP

3072:yAkahDTy6mNBMvqojUgYQzAdKJaaL3bTBfwtAoG5yC:sNSSojUgH0dKJ/L3bTBotAoG5y

Score

10^/10

snow09 1686740620 qakbot

Malware Config

Extracted

Family

qakbot

Version

404.1377

Botnet

snow09

Campaign

1686740620

C2

101.184.155.156:2222

89.79.229.50:443

173.17.45.60:443

124.246.122.199:2222

84.215.202.8:443

122.184.143.86:443

79.168.224.165:2222

151.62.174.154:443

124.122.47.148:443

31.190.240.11:443

92.239.81.124:443

31.53.29.210:2222

172.115.17.50:443

70.28.50.223:2083

64.121.161.102:443

187.199.244.117:32103

91.68.227.219:443

176.142.207.63:443

47.199.241.39:443

89.129.109.27:2222

Signatures

Qakbot family
qakbot

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2036-54-0x0000000000120000-0x0000000000144000-memory.dmp

Files

2036-54-0x0000000000120000-0x0000000000144000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 98KB - Virtual size: 97KB

.rdata Size: 18KB - Virtual size: 17KB

.data Size: 8KB - Virtual size: 8KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 98KB - Virtual size: 97KB

.rdata
Size: 18KB - Virtual size: 17KB

.data
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 3KB