qakbot | 2040-55-0x0000000000200000-0x0000000000224000-memory[.]dmp

General

Target

2040-55-0x0000000000200000-0x0000000000224000-memory.dmp
Size

144KB
MD5

1f83c09617d03f53ce67f92e5dd561d6
SHA1

7f67fac9e4b3e95fbeb9b2a7f7da838bf14acb6a
SHA256

921d022f41c5d1e98ab24c901ed51ca409400834b5d678fb08561687b5be2e0a
SHA512

05bc90fd770b4a7fb7c4c8e0b0cf6e7c6ef60325d5719f3eb166fdb7795f9d0d3d101ad410cd7df727535e0dc2fe830505a025fa545cc874856ccb39e6ebec96
SSDEEP

3072:1hwW5VE0wkrovXSWNyhwAsohKJJG/F8TBfwsGEdpn:NwkKSW4hFPhKJA/F8TBIsFdpn

Score

10^/10

bb32 1686908761 qakbot

Malware Config

Extracted

Family

qakbot

Version

404.1374

Botnet

BB32

Campaign

1686908761

C2

86.176.144.175:2222

86.248.228.57:2078

88.171.156.150:50000

183.87.163.165:443

45.201.208.87:443

74.12.147.205:2222

96.87.28.170:2222

70.28.50.223:32100

220.79.238.82:443

12.172.173.82:995

45.2.61.134:3389

70.160.67.203:443

103.141.50.45:995

88.126.94.4:50000

70.28.50.223:3389

142.181.206.222:2222

51.37.181.9:443

223.166.13.95:995

162.248.14.107:443

95.45.50.93:2222

Signatures

Qakbot family
qakbot

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2040-55-0x0000000000200000-0x0000000000224000-memory.dmp

Files

2040-55-0x0000000000200000-0x0000000000224000-memory.dmp
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

File Characteristics

Sections

.text Size: 98KB - Virtual size: 97KB

.rdata Size: 18KB - Virtual size: 17KB

.data Size: 8KB - Virtual size: 8KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 98KB - Virtual size: 97KB

.rdata
Size: 18KB - Virtual size: 17KB

.data
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 3KB