qakbot | e70271f34d060cd4a2e7adb2fbb7c103

Resubmissions

02-02-2024 16:56

240202-vf4rasagh5 10

02-02-2024 16:53

240202-vebdcsagd8 10

28-12-2023 15:33

231228-szpelsdfe9 10

Sharing

Copy URL

Twitter E-mail

General

Target

e70271f34d060cd4a2e7adb2fbb7c103
Size

196KB
MD5

e70271f34d060cd4a2e7adb2fbb7c103
SHA1

a4afd5f8039cf9d018a8effe3f4900f3ba4ab1a2
SHA256

268313dea6a974871d0ea2ff8c2a404ee4479b3c0e043c858baaf98d208a2bb3
SHA512

8840d2b180c7356bcb25db9bdb089e1b496aa93617c582bb171dcec53221b1f4483743d373887368365b6834ce266ed51065759e3e3f9f33dd6fd632998e8789
SSDEEP

6144:YyvLH5hV0pO9Rr9c3ZPQFP3bO3OTBCxh+W:BbVQO9Tc2FTO3OTcH+W

Score

10^/10

abc112 1608025881 qakbot

Malware Config

Extracted

Family

qakbot

Version

401.138

Botnet

abc112

Campaign

1608025881

149.28.98.196:995

149.28.99.97:995

45.63.107.192:2222

144.202.38.185:995

144.202.38.185:443

45.63.107.192:995

5.13.84.186:995

68.83.89.188:443

67.141.11.98:443

219.76.148.249:443

86.245.82.249:2078

116.240.78.45:995

37.182.244.124:2222

72.186.1.237:443

78.97.207.104:443

80.14.22.234:2222

202.141.225.158:443

72.28.255.159:995

37.6.208.105:2222

161.142.217.62:443

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Signatures

Qakbot family
qakbot

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
e70271f34d060cd4a2e7adb2fbb7c103

Files

e70271f34d060cd4a2e7adb2fbb7c103
.dll regsvr32 windows:5 windows x86 arch:x86

a89679aec70fab3dbac762460558a4bc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

inet_ntoa

psapi

GetModuleFileNameExW

msvcrt

_time64
strtod
_HUGE
localeconv
strchr
strncpy
malloc
free
qsort
memcpy
memmove
memset
atol
_vsnwprintf
_snprintf
_vsnprintf
_strtoi64
memchr
_errno

kernel32

lstrcmpA
lstrlenA
lstrcpynA
GetCurrentProcess
GetCurrentThread
MultiByteToWideChar
GetExitCodeThread
GetOEMCP
CreateMutexA
DuplicateHandle
GetCurrentProcessId
GetLastError
lstrcatA
CreateDirectoryW
DisconnectNamedPipe
lstrcpynW
GetProcessId
CopyFileW
lstrcatW
DeleteFileW
lstrcpyW
lstrcmpiW
CloseHandle
GetDriveTypeW
GetModuleHandleA
lstrlenW
MoveFileW
GetProcAddress
SwitchToThread
InterlockedIncrement
SetThreadPriority
HeapAlloc
HeapFree
HeapCreate
WideCharToMultiByte
FreeLibrary
GetSystemTimeAsFileTime
SetLastError
lstrcmpiA
LoadLibraryA
GetExitCodeProcess
CreatePipe
GetWindowsDirectoryW
FindFirstFileW
FindNextFileW
SetFileAttributesW
FlushFileBuffers
LocalAlloc
LoadLibraryW
GetTickCount
GetModuleFileNameW
GetSystemInfo
GetVersionExA

user32

CreateWindowExA
CharUpperBuffW
CharUpperBuffA
GetSystemMetrics
RegisterClassExA
DestroyWindow
DefWindowProcA
UnregisterClassA

advapi32

GetSidSubAuthority
OpenProcessToken
RegSetValueExW
RegQueryValueExW
IsTextUnicode
RegDeleteValueA
RegOpenKeyExW
RegEnumValueW
RegDeleteValueW
RegQueryInfoKeyW
RegUnLoadKeyW
RegLoadKeyW
ConvertSidToStringSidW
OpenThreadToken
GetSidSubAuthorityCount
GetTokenInformation
LookupAccountNameW
LookupAccountSidW
GetSecurityDescriptorSacl
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor

ole32

CoInitializeEx
CoInitializeSecurity
CoCreateInstance
CoSetProxyBlanket

oleaut32

SafeArrayGetUBound
SysAllocString
SysFreeString
SafeArrayGetElement
SafeArrayDestroy
VariantClear
SafeArrayGetLBound

userenv

GetUserProfileDirectoryW

Exports

Exports

DllRegisterServer

Sections

.text
Size: 141KB - Virtual size: 141KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Extracted

Signatures

Files

a89679aec70fab3dbac762460558a4bc

Headers

File Characteristics

Imports

ws2_32

psapi

msvcrt

kernel32

user32

advapi32

ole32

oleaut32

userenv

Exports

Exports

Sections

.text Size: 141KB - Virtual size: 141KB

.rdata Size: 37KB - Virtual size: 37KB

.data Size: 5KB - Virtual size: 5KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 10KB - Virtual size: 9KB

.text
Size: 141KB - Virtual size: 141KB

.rdata
Size: 37KB - Virtual size: 37KB

.data
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 10KB - Virtual size: 9KB