General
Target: 241256cd58a572ecf11a33cf12337953.bin
Size: 213KB
MD5: 241256cd58a572ecf11a33cf12337953
SHA1: 74140c612732500de6eee8336e891e1b6eb08587
SHA256: 2cd959c03557656302e02aedf85ea91efb222ec98998af6a3391c2244aa37d74
SHA512: 7bf830ce23360c1129b095d7b0e696ec0ce53a944bb21255c32cdc0d5f9dd721d776871bcc19708d66caced8bc882be2878938fa5f306fc27da865d8be2d0ff1
SSDEEP: 6144:XkOJ64gtS9VfeL7uHQVpmOJKu/BF3H0d2Cpw:XkHlw9o7BVtPQ7pw
Malware Config
Extracted
qakbot
325.59
tr01
1604404428
Signatures
Qakbot family
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 241256cd58a572ecf11a33cf12337953.bin
Files
241256cd58a572ecf11a33cf12337953.bin.exe windows:5 windows x86 arch:x86
9c2ac896dab6c52bd98009fa304be02e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
userenv
GetUserProfileDirectoryW
ole32
CoSetProxyBlanket
CoInitializeSecurity
CoUninitialize
CoCreateInstance
CoInitializeEx
CoInitialize
shell32
CommandLineToArgvW
SHGetFolderPathW
kernel32
CloseHandle
GetCurrentProcessId
GetEnvironmentVariableW
WideCharToMultiByte
lstrcatA
GetEnvironmentVariableA
MultiByteToWideChar
lstrlenW
lstrcatW
lstrcpyA
HeapAlloc
HeapFree
HeapCreate
VirtualAlloc
GetFileSize
lstrcmpiA
GetModuleFileNameA
GetCurrentProcess
GetModuleHandleW
LoadLibraryW
CopyFileW
TerminateProcess
DeleteFileW
ResumeThread
GetComputerNameW
ReleaseMutex
GetExitCodeProcess
SetEnvironmentVariableW
GetTickCount
GetModuleFileNameW
GetSystemInfo
SetEnvironmentVariableA
GetVersionExA
GetModuleHandleA
SetEvent
OpenEventA
CreateMutexA
GetCurrentThread
SetLastError
GetSystemTimeAsFileTime
lstrcmpiW
MoveFileW
SetFileAttributesW
LocalAlloc
GetLocalTime
lstrcpyW
CreateDirectoryW
LoadLibraryA
GetProcAddress
GetLastError
CreateEventA
SleepEx
WaitForSingleObject
FreeLibrary
GetDriveTypeW
lstrlenA
lstrcmpA
GetCommandLineW
ExitProcess
lstrcpynW
Sleep
SystemTimeToFileTime
GetSystemTime
GetWindowsDirectoryW
TerminateThread
user32
CharUpperBuffA
MessageBoxA
GetClassNameA
CharUpperBuffW
GetSystemMetrics
advapi32
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetTokenInformation
GetSidSubAuthorityCount
OpenThreadToken
RegDeleteValueW
RegQueryInfoKeyW
GetSidSubAuthority
OpenProcessToken
RegCloseKey
RegUnLoadKeyW
RegLoadKeyW
LookupAccountSidW
EqualSid
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
LookupAccountNameW
RegQueryValueExW
RegSetValueExW
ConvertSidToStringSidW
RegOpenKeyExW
RegEnumValueW
msvcrt
memcpy
memset
_ltoa
_vsnwprintf
_vsnprintf
_except_handler3
Sections
.text Size: 40KB - Virtual size: 39KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 19KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 148KB - Virtual size: 148KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ