General
-
Target
1864-33-0x0000000000080000-0x0000000000111000-memory.dmp
-
Size
580KB
-
MD5
e148f524a1b02cc54295191906f15ee9
-
SHA1
d5fe57991638613c09030b7a1f81359039a944de
-
SHA256
bbdfb6a71f05de5457d63d5ca1130a010777f0ba9ee14052bf3ec0ebe9c961a1
-
SHA512
a7dd2108651a51f9542f4176e9dae33fab056183968c76d8fa235ba76ce76da9ba53b2b0e7baa3e98b1fb6ae92bf74258a06e5b589bab55d3a21a43405ba5351
-
SSDEEP
12288:QTh+CfHel/TrAnFvUyTFZPsj8w6Sw98MYXwlktzW6XlORNB7MRWop:QFfHUTrAneqvPS+8M0lE7CH
Malware Config
Extracted
qakbot
323.108
spx49
1577446119
173.80.61.90:443
72.28.255.159:443
5.182.39.156:443
138.122.5.214:2222
47.23.101.26:465
72.190.101.70:443
208.126.142.17:443
72.224.159.224:2222
75.110.90.106:443
66.214.75.176:443
45.45.105.94:995
117.223.146.238:995
71.226.140.73:443
71.30.56.170:443
50.247.230.33:995
173.3.132.17:995
24.229.245.124:995
45.45.105.94:443
173.79.220.156:443
104.35.127.108:2222
24.32.119.146:443
130.93.11.211:443
78.94.55.26:50003
192.40.225.168:443
12.5.37.3:443
74.134.35.54:443
12.5.37.3:995
174.82.131.155:995
72.45.14.185:443
162.244.225.30:443
108.227.161.27:443
98.23.32.209:995
184.167.2.251:2222
74.222.204.82:443
152.208.21.141:443
64.19.74.29:995
144.178.134.98:995
184.74.101.234:995
66.222.88.126:995
100.4.185.8:443
173.22.120.11:2222
73.226.220.56:443
104.3.91.20:995
68.49.120.179:443
98.252.150.180:443
67.214.21.207:443
47.180.66.10:443
70.124.29.226:443
67.10.18.112:993
173.31.178.20:443
75.131.72.82:995
74.73.122.214:443
2.50.157.233:443
64.250.55.239:443
70.174.21.130:443
201.152.109.147:995
181.126.80.118:443
184.101.228.131:443
104.152.16.45:995
70.120.151.69:443
76.180.69.236:443
106.51.148.162:443
74.77.145.53:443
138.122.5.214:443
206.51.202.106:50002
75.110.250.89:443
162.244.224.166:443
72.16.212.107:465
75.131.72.82:443
66.31.96.223:443
98.127.96.121:443
172.242.9.118:995
68.186.198.131:443
24.189.222.222:2222
96.242.232.231:443
104.191.66.184:443
64.203.122.88:995
24.121.254.171:443
69.47.44.219:443
68.174.15.223:443
207.179.194.91:443
68.238.56.27:443
23.240.185.215:443
98.237.120.65:995
24.191.227.91:2222
50.34.101.94:443
172.78.87.180:443
100.38.123.22:443
189.140.111.214:995
98.118.162.34:443
174.101.35.214:443
185.219.83.73:443
98.213.35.176:443
50.246.229.50:443
50.78.93.74:995
72.211.97.57:443
100.40.48.96:443
104.173.119.54:2222
184.180.157.203:2222
67.246.16.250:995
86.169.244.41:2222
68.225.250.136:443
32.208.1.239:443
74.33.70.219:443
76.23.204.29:443
197.86.194.104:995
46.248.40.117:995
2.190.214.254:443
71.80.227.238:443
174.48.72.160:443
74.71.216.1:443
98.121.187.78:443
75.121.10.204:443
71.77.231.251:443
108.183.200.239:443
68.100.248.78:443
97.96.51.117:443
24.202.42.48:2222
173.172.205.216:443
24.201.79.208:2078
107.12.131.249:443
75.81.25.223:995
74.194.4.181:443
72.187.35.131:443
75.70.218.193:443
69.207.20.233:443
68.39.177.147:995
100.19.124.139:443
75.165.181.122:443
205.250.79.62:443
62.103.70.217:995
47.227.198.155:443
72.29.181.77:2078
47.146.169.85:443
181.123.59.111:443
75.130.117.134:443
181.197.195.138:995
96.227.138.53:443
98.30.99.15:443
166.62.180.194:2078
207.178.109.161:443
174.20.189.226:995
47.153.115.154:995
83.76.204.98:2222
23.134.176.126:443
172.221.45.151:443
206.255.41.196:443
47.40.244.237:443
75.164.48.168:443
184.191.62.78:443
Signatures
-
Qakbot family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 1864-33-0x0000000000080000-0x0000000000111000-memory.dmp
Files
-
1864-33-0x0000000000080000-0x0000000000111000-memory.dmp.exe windows:5 windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 79KB - Virtual size: 79KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 33KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 435KB - Virtual size: 434KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ