General

  • Target

    2024-54-0x0000000000920000-0x0000000000943000-memory.dmp

  • Size

    140KB

  • MD5

    04d328430969a98fc0f3c880549efc76

  • SHA1

    7f2340ce7bc20bf91411f647aa89b4cf0038f000

  • SHA256

    c7af605f313be3a2fb4f8723f06debea52d65634b5708539a02d68cb8d7a629c

  • SHA512

    af59af56204210d936ac897c870b99bdc728ed0b0f37cf95d53e9b6320f164bb07ae7ca08afa4a6a6df2c88bcabc5325571a95fc10d740bf1bcb9cfac2a957bb

  • SSDEEP

    3072:maUblT1tz2in4h7N4ww7ymYAmJhBv2MTBf/lrEns3m:ZUbJn4hx4wQ9mJTv2MTBXlqs3

Score
10/10

Malware Config

Extracted

Family

qakbot

Version

404.226

Botnet

BB18

Campaign

1678346091

C2

Attributes
  • salt

    SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Signatures

  • Qakbot family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2024-54-0x0000000000920000-0x0000000000943000-memory.dmp
    .dll windows:6 windows x86 arch:x86

