qakbot | 3460-134-0x0000000010000000-0x0000000010023000-memory[.]dmp

Resubmissions

02-03-2024 10:38

240302-mpj49ace3y 10

02-03-2024 06:52

240302-hm9jxabc91 10

Sharing

Copy URL

Twitter E-mail

General

Target

3460-134-0x0000000010000000-0x0000000010023000-memory.dmp
Size

140KB
MD5

bbb6c0031fd09c75e9c8e6921ee69142
SHA1

42d77b2fc9938b9b9ecc0e7ad0aacf4508caff39
SHA256

93646a5c48ea03eff9767ec6fcacea0799f449296d031524832adff217ad284d
SHA512

bd1ea2f965c18f2b840318b985c86b63b7c46f782f8e3c7c6758b3bf85d7e0bcff9dafe06da37564c7ae990a79145b4d5552cfbfa8f7fc093580f30f0c2d9f1b
SSDEEP

3072:YKUR+AIznCp7BQCrZJzSWjsdA0Jl0ns9p8TBfPVo/lo:YbIznCVKCtcWjs+0J6nK8TBHVo/S

Score

10^/10

bb15 1676367197 qakbot

Malware Config

Extracted

Family

qakbot

Version

404.506

Botnet

BB15

Campaign

1676367197

85.61.165.153:2222

12.172.173.82:995

73.161.176.218:443

213.67.255.57:2222

81.157.227.223:2222

95.94.41.77:2222

75.143.236.149:443

213.31.90.183:2222

85.241.180.94:443

98.145.23.67:443

122.184.143.82:443

71.52.53.166:443

162.248.14.107:443

190.206.75.58:2222

86.169.203.116:443

82.127.204.82:2222

47.21.51.138:995

75.98.154.19:443

45.246.235.113:995

91.68.227.219:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Signatures

Qakbot family
qakbot

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
3460-134-0x0000000010000000-0x0000000010023000-memory.dmp

Files

3460-134-0x0000000010000000-0x0000000010023000-memory.dmp
.dll windows:6 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

File Characteristics

Sections

.text Size: 99KB - Virtual size: 99KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 7KB - Virtual size: 7KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 99KB - Virtual size: 99KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 3KB