DllInstall
DllRegisterServer
DllUnregisterServer
General
-
Target
Qbot_final_payload.dll
-
Size
136KB
-
MD5
a934de66a7fe2756ef4cb9c1f83b8c3a
-
SHA1
7fe299c05e678caa96042fc00da4b6b1fdfb46d3
-
SHA256
17ba1b948fd54fe848fb3ddb50ecaa22491055f0784570e921dabfa6933e6546
-
SHA512
c7c3f26491d8531e8352f4f16dce67197f6207c2279f09f4eff5492fb7bfcf0e89340e04eea372727bd846fe8b4dd5257f753aaf5ec0ef3c3dc9b29aef69ffc9
-
SSDEEP
3072:qQShZZuhK7wnmsQ/EjMYAOgJLYHahTBfYjS:TS5uhK7JsQ/B9OgJsHahTBw2
Score
10/10
Malware Config
Extracted
Family
qakbot
Version
403.688
Botnet
AA
Campaign
1654167455
C2
37.34.253.233:443
75.99.168.194:61201
182.191.92.203:995
121.7.223.45:2222
210.246.4.69:995
47.23.89.60:993
217.165.176.49:2222
89.211.179.247:2222
148.0.61.36:443
74.14.5.179:2222
118.172.248.47:443
80.11.74.81:2222
85.246.82.244:443
67.165.206.193:993
186.90.153.162:2222
124.40.244.115:2222
120.150.218.241:995
5.32.41.45:443
177.94.57.126:32101
31.35.28.29:443
37.186.54.254:995
173.174.216.62:443
78.160.234.16:443
79.129.121.68:995
175.145.235.37:443
86.98.151.244:2222
91.177.173.10:995
197.89.128.212:443
217.128.122.65:2222
24.139.72.117:443
39.44.120.20:995
32.221.224.140:995
70.46.220.114:443
24.178.196.158:2222
31.48.174.63:2078
143.0.219.6:995
144.202.3.39:995
140.82.63.183:995
45.76.167.26:995
149.28.238.199:443
45.63.1.12:995
144.202.2.175:443
144.202.2.175:995
140.82.63.183:443
149.28.238.199:995
45.76.167.26:443
144.202.3.39:443
45.63.1.12:443
86.195.158.178:2222
202.134.152.2:2222
39.52.78.252:995
1.161.123.180:443
67.209.195.198:443
140.82.49.12:443
187.207.131.50:61202
86.97.9.190:443
176.67.56.94:443
92.132.172.197:2222
148.64.96.100:443
108.60.213.141:443
76.70.9.169:2222
72.27.33.160:443
217.164.118.38:2222
217.165.84.153:993
217.164.118.38:1194
117.248.109.38:21
90.120.65.153:2078
197.167.61.123:993
172.115.177.204:2222
208.107.221.224:443
69.14.172.24:443
45.46.53.140:2222
173.21.10.71:2222
174.69.215.101:443
76.25.142.196:443
73.151.236.31:443
186.106.204.45:443
201.145.165.25:443
190.252.242.69:443
72.252.157.93:990
72.252.157.93:993
47.156.131.10:443
70.51.135.90:2222
72.252.157.93:995
63.143.92.99:995
79.80.80.29:2222
187.16.64.193:2222
40.134.246.185:995
41.38.167.179:995
100.1.108.246:443
177.205.155.85:443
179.158.105.44:443
177.133.210.218:443
47.157.227.70:443
109.12.111.14:443
89.101.97.139:443
102.182.232.3:995
41.84.229.153:995
189.146.87.77:443
93.48.80.198:995
24.55.67.176:443
82.152.39.39:443
187.251.132.144:22
39.49.17.215:995
196.203.37.215:80
2.50.137.23:443
78.12.148.155:2222
39.44.66.76:995
1.161.123.180:995
84.241.8.23:32103
41.86.42.158:995
189.223.134.157:443
82.41.63.217:443
201.172.23.68:2222
197.94.217.212:443
180.129.108.214:995
89.86.33.217:443
39.41.177.36:995
179.100.20.32:32101
106.51.48.170:50001
41.84.229.240:443
46.198.231.232:995
111.125.245.116:995
96.37.113.36:993
124.109.35.32:995
37.208.132.102:6883
201.242.175.29:2222
38.70.253.226:2222
187.149.236.5:443
217.165.79.88:443
85.255.232.18:443
103.246.242.202:443
41.230.62.211:995
67.69.166.79:2222
125.43.87.167:2222
172.114.160.81:995
94.26.122.9:995
75.99.168.194:443
189.253.206.105:443
81.215.196.174:443
46.107.48.202:443
59.93.93.37:443
2.34.12.8:443
181.208.248.227:443
103.116.178.85:995
41.228.22.180:443
120.61.2.124:443
89.137.52.44:443
72.66.116.235:995
125.168.47.127:2222
Attributes
-
salt
jHxastDcds)oMc=jvh7wdUhxcsdt2
Signatures
-
Qakbot family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource Qbot_final_payload.dll
Files
-
Qbot_final_payload.dll.dll regsvr32 windows:6 windows x86 arch:x86
fcee36a1a37f58eb0ce848652ae40e15
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
msvcrt
_snprintf
_errno
_strtoi64
_vsnprintf
memchr
memset
free
_vsnwprintf
qsort
malloc
_time64
strncpy
strchr
strtod
localeconv
_ftol2_sse
atol
memcpy
kernel32
GetTickCount
GetModuleHandleA
GetWindowsDirectoryW
GetCurrentDirectoryW
GetSystemInfo
GetVersionExA
GetCommandLineW
LoadLibraryW
FlushFileBuffers
LocalAlloc
CreateMutexW
DuplicateHandle
GetCurrentThread
lstrcmpA
GetLastError
lstrcatA
CreateDirectoryW
DisconnectNamedPipe
lstrcpynW
GetProcessId
lstrcatW
lstrcpyW
GetOEMCP
GetFileAttributesW
lstrcmpiW
GetDriveTypeW
K32GetModuleFileNameExW
MoveFileW
lstrcpynA
lstrlenA
GetCurrentProcessId
SwitchToThread
GetModuleHandleW
GetProcAddress
HeapCreate
HeapFree
HeapAlloc
MultiByteToWideChar
WideCharToMultiByte
LoadLibraryA
FreeLibrary
lstrcmpiA
GetSystemTimeAsFileTime
SetThreadPriority
lstrlenW
SetFileAttributesW
GetExitCodeProcess
FindFirstFileW
FindNextFileW
user32
DefWindowProcW
UnregisterClassA
RegisterClassExA
CharUpperBuffW
CharUpperBuffA
CreateWindowExA
DestroyWindow
shell32
CommandLineToArgvW
ole32
CoSetProxyBlanket
CoCreateInstance
CoInitializeSecurity
CoInitializeEx
oleaut32
SafeArrayGetElement
SafeArrayGetLBound
SysFreeString
SysAllocString
VariantClear
SafeArrayDestroy
SafeArrayGetUBound
Exports
Exports
Sections
.text Size: 96KB - Virtual size: 94KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ