General
-
Target
2444-1-0x00000000000C0000-0x00000000000E4000-memory.dmp
-
Size
144KB
-
MD5
529a5a4d555e52b3a1563a12f239cf17
-
SHA1
ce1786270ac4f3a8753543f07ca314e3e55c9602
-
SHA256
974e91d003aad9f44e385254da1d2b5904392ed8fe3556b3878f4d2efabe3529
-
SHA512
9005c7c3d5109668e4d21f0abb9618e16d1a16ff017d7831c1afb96a84ecc2c736d0c6c6bb64643efd3df11ab1198aa9886871167ccf4cfa33a0a54813da4ed3
-
SSDEEP
3072:6k0K/tDZiUC/rFQ/wWAmJAj+J0sH3jTBfw/EoG5y:I/rCoWdCj+JjH3jTBI/EoG5y
Malware Config
Extracted
qakbot
404.1377
snow09
1686740620
101.184.155.156:2222
89.79.229.50:443
173.17.45.60:443
124.246.122.199:2222
84.215.202.8:443
122.184.143.86:443
79.168.224.165:2222
151.62.174.154:443
124.122.47.148:443
31.190.240.11:443
92.239.81.124:443
31.53.29.210:2222
172.115.17.50:443
70.28.50.223:2083
64.121.161.102:443
187.199.244.117:32103
91.68.227.219:443
176.142.207.63:443
47.199.241.39:443
89.129.109.27:2222
67.87.119.216:2078
98.4.43.111:443
200.93.25.6:2222
142.188.88.42:2222
86.128.15.251:2222
201.244.108.183:995
74.12.146.45:2083
151.65.167.77:443
41.228.224.205:995
86.129.138.170:443
113.11.92.30:443
12.172.173.82:2087
72.205.104.134:443
84.213.236.225:995
92.186.69.229:2222
1.221.179.74:443
103.141.50.43:995
58.162.223.233:443
96.242.126.116:2222
51.11.214.101:2222
75.109.111.89:443
125.99.76.102:443
80.12.88.148:2222
109.149.147.195:2222
27.99.32.26:2222
70.28.50.223:3389
70.28.50.223:32100
86.97.96.62:2222
66.241.183.99:443
74.12.146.45:2222
190.199.147.209:2222
47.205.25.170:443
12.172.173.82:993
12.172.173.82:22
84.35.26.14:995
72.134.124.16:443
85.240.173.251:2078
50.68.186.195:443
65.190.242.244:443
45.62.75.217:443
203.109.44.236:995
174.58.146.57:443
105.184.159.9:995
94.207.115.105:443
197.0.146.211:443
197.204.11.218:443
92.9.45.20:2222
91.169.12.198:32100
12.172.173.82:20
70.64.77.115:443
71.31.9.49:995
24.234.220.88:990
95.45.50.93:2222
213.91.235.146:443
189.223.184.79:443
213.64.33.92:2222
47.34.30.133:443
70.28.50.223:2087
12.172.173.82:465
67.219.197.94:443
103.140.174.20:2222
12.172.173.82:995
90.29.86.138:2222
37.14.229.220:2222
89.181.227.42:2222
62.35.230.21:995
70.160.67.203:443
88.126.94.4:50000
203.219.204.180:443
147.219.4.194:443
92.20.204.198:2222
24.234.220.88:993
188.28.19.84:443
89.115.200.234:443
67.87.119.216:2083
86.98.222.20:443
161.142.100.114:995
103.139.242.6:443
103.123.223.153:443
24.234.220.88:995
102.158.231.164:443
175.156.65.126:2222
41.227.190.59:443
178.175.187.254:443
180.151.13.23:2078
12.172.173.82:50001
116.75.63.143:443
78.192.109.105:2222
37.186.55.8:2222
121.121.100.202:995
104.35.24.154:443
199.27.66.213:443
181.165.19.254:443
81.229.117.95:2222
12.172.173.82:21
45.2.61.134:3389
162.248.14.107:443
103.212.19.254:995
2.82.8.80:443
Signatures
-
Qakbot family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2444-1-0x00000000000C0000-0x00000000000E4000-memory.dmp
Files
-
2444-1-0x00000000000C0000-0x00000000000E4000-memory.dmp.exe windows:6 windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 98KB - Virtual size: 97KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 18KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ