General

  • Target

    4268-1-0x00000000001F0000-0x0000000000214000-memory.dmp

  • Size

    144KB

  • MD5

    b5354b9719cb0acfd16d8780a5b8eceb

  • SHA1

    860e0568e3eb17e01aed676441f15e208c611eb3

  • SHA256

    d96d6f4be20929f311867449b567b142eaa913cec6103ba84dfd47bc1e7c35cf

  • SHA512

    e18f8c22734bdb743e7b05ab8a50df0fdb2cd761771cf23235823b6f541e535055870952dcffa6086f0657dfab8cbbe53ffab7c8a42e40edb04aa2cfe486abf3

  • SSDEEP

    3072:61E0kJD+kNu8XOTfZzSPZkAusJ33RODTBfA4coG5y:K8+ThzOnusJHRODTB44coG5y

Malware Config

Extracted

  • Family

    qakbot

  • Version

    404.1377

  • Botnet

    snow09

  • Campaign

    1686740620

  • C2


Signatures

  • Qakbot family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 4268-1-0x00000000001F0000-0x0000000000214000-memory.dmp
    .exe windows:6 windows x86

