qakbot | 7ee6095ba8c4ed9fe11fbf5e703823e1aeae7f5443027738f55979b27ca57171[.]zip

Resubmissions

30-11-2023 22:19

231130-18nhnscb68 10

19-11-2023 21:30

231119-1cewnabg93 10

Sharing

Copy URL

Twitter E-mail

General

Target

7ee6095ba8c4ed9fe11fbf5e703823e1aeae7f5443027738f55979b27ca57171.zip
Size

78KB
MD5

414689adb009ad7e9c6840d2bfdbe7d1
SHA1

dd82ac9ff0ff3511315f920a6df0338601ef594d
SHA256

b1d83b1843006e6066c8049c227d0184ca8dd300cde6e10b74e9fad49caab89b
SHA512

152a6575dd56d1bc4ad433d3b6429dfdf90dfcdf220367fd2d6166c7ec895c11ea0cd6a0b1b25fb1984e88219d4d515e3b5eae80ba0cc9656bf42c01bffe79e5
SSDEEP

1536:w8U+q7iXWFIpu7DzEIGpXYpDJBP9JdP4oJlahApDQzphuETpWrSwYHwnfls/VlYG:7DXVpu7HEIagR9JdPZahYDQzphuE5XHP

Score

10^/10

obama150 1640256791 qakbot

Malware Config

Extracted

Family

qakbot

Version

403.10

Botnet

obama150

Campaign

1640256791

96.21.251.127:2222

70.51.134.181:2222

69.14.172.24:443

186.64.87.213:443

94.62.161.77:995

103.139.242.30:990

114.79.148.170:443

217.164.247.241:2222

178.153.86.181:443

136.232.34.70:443

37.210.226.125:61202

173.21.10.71:2222

31.219.154.176:32101

140.82.49.12:443

32.221.229.7:443

24.152.219.253:995

106.51.48.170:50001

114.38.161.124:995

96.37.113.36:993

190.39.205.165:443

Signatures

Qakbot family
qakbot

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/7ee6095ba8c4ed9fe11fbf5e703823e1aeae7f5443027738f55979b27ca57171.dll

Files

7ee6095ba8c4ed9fe11fbf5e703823e1aeae7f5443027738f55979b27ca57171.zip
.zip

Password: infected
7ee6095ba8c4ed9fe11fbf5e703823e1aeae7f5443027738f55979b27ca57171.dll
.dll regsvr32 windows:6 windows x86 arch:x86

Password: infected

3c4a379270b250744490829165226c41

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

inet_ntoa

msvcrt

localeconv
strtod
strchr
strncpy
_time64
malloc
free
memset
memchr
_strtoi64
_ftol2_sse
_vsnwprintf
memcpy
atol
_errno
qsort
_snprintf
_vsnprintf

kernel32

GetWindowsDirectoryW
GetSystemInfo
GetTickCount
LoadLibraryW
FlushFileBuffers
GetVersionExA
lstrcmpiA
LocalAlloc
SetFileAttributesW
FindNextFileW
FindFirstFileW
GetExitCodeProcess
GetCurrentProcess
CreateMutexA
lstrcmpA
DuplicateHandle
GetCurrentThread
lstrcpynA
GetLastError
lstrcatA
CreateDirectoryW
DisconnectNamedPipe
lstrcpynW
GetProcessId
lstrcatW
lstrcpyW
GetCurrentProcessId
lstrcmpiW
SetLastError
GetModuleFileNameW
GetFileAttributesW
GetModuleHandleA
MultiByteToWideChar
GetDriveTypeW
K32GetModuleFileNameExW
MoveFileW
SwitchToThread
GetProcAddress
HeapCreate
HeapFree
HeapAlloc
WideCharToMultiByte
LoadLibraryA
FreeLibrary
GetSystemTimeAsFileTime
SetThreadPriority
CreatePipe

user32

DestroyWindow
CreateWindowExA
UnregisterClassA
RegisterClassExA
CharUpperBuffA
DefWindowProcA
CharUpperBuffW

ole32

CoInitializeSecurity
CoSetProxyBlanket
CoCreateInstance
CoInitializeEx

oleaut32

SafeArrayDestroy
SafeArrayGetUBound
SafeArrayGetElement
SafeArrayGetLBound
SysFreeString
VariantClear
SysAllocString

Exports

Exports

DllRegisterServer

Sections

.text
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

Password: infected

3c4a379270b250744490829165226c41

Headers

File Characteristics

Imports

ws2_32

msvcrt

kernel32

user32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 90KB - Virtual size: 90KB

.rdata Size: 18KB - Virtual size: 17KB

.data Size: 6KB - Virtual size: 5KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 90KB - Virtual size: 90KB

.rdata
Size: 18KB - Virtual size: 17KB

.data
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 3KB