qakbot | 455253_c2ba065654f13612ae63bca7f972ea91c6fe97291caeaaa3a28a180fb1912b3a[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

455253_c2ba065654f13612ae63bca7f972ea91c6fe97291caeaaa3a28a180fb1912b3a.zip
Size

237KB
MD5

2739602af9de4e37007f49887c17dc8b
SHA1

9c51c995d91ae838349a35746ed173e7fdfa4df8
SHA256

5b1928e0f4afd659d9a1aa169ba9e794e57251725a8674af205392d3a2f255b5
SHA512

62eff2f78c0e999b296c18f99977c9c6e7d68bb9ee7a92db9069a2bc6f4e76536711d68123db6676061a3b351e75f29c841c145b016b44ca56021ca1d51817a5
SSDEEP

6144:fr/nfFCyA5pomBssfsvBERD4fe9iwVmtuVU0UJ7I4h7swR2:RDA0mBsgxtyyNmtuVU0Q7rh7swI

Score

10^/10

aa 1649660679 qakbot

Malware Config

Extracted

Family

qakbot

Version

403.573

Botnet

Campaign

1649660679

41.228.22.180:443

47.23.89.62:995

176.67.56.94:443

103.107.113.120:443

148.64.96.100:443

47.180.172.159:443

181.118.183.98:443

140.82.49.12:443

103.87.95.133:2222

96.21.251.127:2222

197.167.62.14:993

46.107.48.202:443

24.43.99.75:443

172.115.177.204:2222

80.11.74.81:2222

66.98.42.102:443

75.99.168.194:61201

173.174.216.62:443

45.9.20.200:443

39.41.158.185:995

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Signatures

Qakbot family
qakbot

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/c2ba065654f13612ae63bca7f972ea91c6fe97291caeaaa3a28a180fb1912b3a

Files

455253_c2ba065654f13612ae63bca7f972ea91c6fe97291caeaaa3a28a180fb1912b3a.zip
.zip

Password: infected
c2ba065654f13612ae63bca7f972ea91c6fe97291caeaaa3a28a180fb1912b3a
.dll regsvr32 windows:6 windows x86 arch:x86

8e5fe034ddea581be35472bb9e09c763

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

oleaut32

VariantClear
VariantChangeType
VariantInit
SafeArrayGetLBound
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayDestroy
SysAllocString
SysFreeString

shlwapi

PathFindExtensionW
PathFindFileNameW
PathIsUNCW
PathStripToRootW
PathRemoveFileSpecW

user32

GetActiveWindow
CallNextHookEx
GetKeyState
GetMessageW
UnhookWindowsHookEx
EndPaint
BeginPaint
DrawTextW
GetWindowDC
DrawTextExW
GetDC
GetSysColor
LoadCursorW
GetMenuItemID
GetMenuItemCount
DispatchMessageW
DestroyMenu
CreateWindowExA
UnregisterClassA
RegisterClassExA
SendDlgItemMessageA
CharUpperBuffA
PostQuitMessage
PeekMessageW
ValidateRect
TranslateMessage
SetWindowsHookExW
GetSubMenu
GetSystemMetrics
CharUpperW
EnableWindow
SendMessageW
InvalidateRect
UpdateWindow
KillTimer
SetTimer
RegisterWindowMessageW
ReleaseDC
GetSysColorBrush
CharUpperBuffW
RealChildWindowFromPoint
SetMenuItemBitmaps
DefWindowProcW
EnumDisplayMonitors
GetClassInfoW
GetMonitorInfoW
MapWindowPoints
GetClientRect
SystemParametersInfoW
DeferWindowPos
GetWindowRect
BeginDeferWindowPos
CopyRect
IsChild
GetClassNameW
EndDeferWindowPos
SetRectEmpty
GetWindow
GetFocus
SetWindowPos
SetWindowTextW
ShowWindow
IsDialogMessageW
GetDlgCtrlID
SetFocus
SetWindowLongW
GetWindowTextW
GetWindowLongW
DestroyWindow
GetMenuCheckMarkDimensions
SetMenuItemInfoW
SetActiveWindow
EndDialog
IsWindow
IsWindowEnabled
GetDlgItem
GetDesktopWindow
CreateDialogIndirectParamW
GetParent
GetNextDlgTabItem
TabbedTextOutW
GrayStringW
ScreenToClient
ClientToScreen
MessageBoxW
GetLastActivePopup
GetWindowThreadProcessId
IsIconic
SetForegroundWindow
PtInRect
GetClassInfoExW
GetClassLongW
LoadBitmapW
LoadIconW
SetPropW
GetMessageTime
WinHelpW
SetMenu
GetForegroundWindow
GetTopWindow
RegisterClassW
IsMenu
RedrawWindow
GetCapture
GetScrollPos
RemovePropW
CreateWindowExW
MonitorFromWindow
GetPropW
GetMenu
PostMessageW
CallWindowProcW
GetMessagePos
AdjustWindowRectEx
EnableMenuItem
CheckMenuItem

shell32

ShellExecuteW

ole32

CoSetProxyBlanket
CoCreateGuid
CoTaskMemFree
CoInitialize
CoCreateInstance
CoUninitialize
CoInitializeEx
CoInitializeSecurity

msvcrt

_errno
free
wcsncpy_s
ftell
__doserrno
_get_osfhandle
ferror
fflush
clearerr_s
fclose
_fdopen
fputws
fseek
_fileno
fwrite
fgetws
feof
_mktime64
wcsnlen
_vsnprintf
_ftol2_sse
atexit
_expand
strncpy
memcpy
memset
memcmp
qsort
_snprintf
_strtoi64
memchr
_time64
strchr
strtod
localeconv
fread
_open_osfhandle
__CxxFrameHandler3
wcscpy_s
_vsnwprintf
_msize
malloc
_wcsicmp
wcspbrk
wcsspn
wcsrchr
wcscspn
wcschr
wcscat_s
_purecall
realloc
atol
_wcsicoll
memmove

advapi32

RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegSetValueExW
RegEnumValueW
RegDeleteKeyW

kernel32

EncodePointer
GetSystemDirectoryW
LoadLibraryW
SetThreadPriority
GetCurrentThreadId
lstrcpynW
lstrcatW
lstrcpyW
GetFileSizeEx
SetFileAttributesW
GetFileAttributesExW
FileTimeToSystemTime
FileTimeToLocalFileTime
SystemTimeToTzSpecificLocalTime
GetFileTime
CompareStringW
GlobalDeleteAtom
GlobalGetAtomNameW
lstrcmpA
GlobalFindAtomW
FreeLibrary
lstrcmpW
LoadLibraryA
lstrcmpiA
GetSystemTimeAsFileTime
HeapCreate
GlobalFlags
FindNextFileW
GetExitCodeProcess
GetModuleHandleA
GetWindowsDirectoryW
VerifyVersionInfoW
VerSetConditionMask
K32GetModuleFileNameExW
GlobalReAlloc
LocalReAlloc
TlsGetValue
TlsAlloc
LocalAlloc
TlsSetValue
GlobalHandle
GetVersionExW
GetDriveTypeW
GetFileAttributesW
GetProcessId
IsDebuggerPresent
lstrcatA
GetVersionExA
GetSystemInfo
lstrcpynA
SwitchToThread
GetTickCount
ReadFile
SizeofResource
GetVolumeInformationW
FindFirstFileW
HeapFree
EnterCriticalSection
GetFullPathNameW
GetCurrentProcess
WriteFile
GetModuleFileNameW
LockFile
LeaveCriticalSection
SetFilePointer
SetEndOfFile
InitializeCriticalSectionEx
FindClose
CreateFileW
DuplicateHandle
GetLastError
LockResource
DeleteFileW
CloseHandle
LoadResource
FindResourceW
HeapAlloc
DecodePointer
UnlockFile
GetProcAddress
GetFileSize
DeleteCriticalSection
GetModuleHandleW
lstrcmpiW
MoveFileW
LoadLibraryExW
FlushFileBuffers
InitializeCriticalSection
GetOEMCP
CreateMutexW
MultiByteToWideChar
GetCurrentThread
GetCurrentProcessId
CreateDirectoryW
GlobalAddAtomW
FormatMessageW
GlobalAlloc
GlobalFree
GlobalLock
LocalFree
GlobalUnlock
MulDiv
WideCharToMultiByte
OutputDebugStringW
DisconnectNamedPipe

gdi32

ExtTextOutW
PtVisible
Escape
CreateBitmap
SetMapMode
DeleteDC
RestoreDC
SetBkColor
GetObjectW
SetViewportOrgEx
ScaleViewportExtEx
CreatePen
SetTextColor
TextOutW
CreatePatternBrush
GetDeviceCaps
CreateSolidBrush
SetViewportExtEx
CreateCompatibleBitmap
CreateDIBitmap
GetTextCharsetInfo
EnumFontFamiliesW
GetTextMetricsW
CreateFontIndirectW
BitBlt
SaveDC
ScaleWindowExtEx
SelectObject
CreateCompatibleDC
RectVisible
GetStockObject
GetClipBox
SetWindowExtEx
OffsetViewportOrgEx
DeleteObject

comdlg32

ChooseColorW
GetSaveFileNameW
GetOpenFileNameW
GetFileTitleW

oleacc

CreateStdAccessibleObject
LresultFromObject

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

Exports

Exports

DllRegisterServer

Sections

.text
Size: 281KB - Virtual size: 281KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 236KB - Virtual size: 236KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

8e5fe034ddea581be35472bb9e09c763

Headers

File Characteristics

Imports

oleaut32

shlwapi

user32

shell32

ole32

msvcrt

advapi32

kernel32

gdi32

comdlg32

oleacc

winspool.drv

Exports

Exports

Sections

.text Size: 281KB - Virtual size: 281KB

.rdata Size: 236KB - Virtual size: 236KB

.data Size: 7KB - Virtual size: 16KB

.CRT Size: 512B - Virtual size: 96B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 14KB - Virtual size: 14KB

.text
Size: 281KB - Virtual size: 281KB

.rdata
Size: 236KB - Virtual size: 236KB

.data
Size: 7KB - Virtual size: 16KB

.CRT
Size: 512B - Virtual size: 96B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 14KB - Virtual size: 14KB