qakbot | 2004-54-0x0000000010000000-0x0000000010023000-memory[.]dmp

General

Target

2004-54-0x0000000010000000-0x0000000010023000-memory.dmp
Size

140KB
MD5

4f51dae1c6181e10574b27171d5efdd5
SHA1

59538604a6ea80773da78d50f2b0fad9eef3a98f
SHA256

9cdb8dcc15ca3714a9bf53d8d316bca66643f75e4f40ca15895c7136fe7bdc0e
SHA512

a38dbc12bc4e3658477bcc3658befc297f1ae744998d5b273d5cf382771fe7af084e478c28ad4b4d11f691c711fe1281875aae3f360b516f2297efa27b04196f
SSDEEP

3072:MjPR4nxKRttVbYKAk67CERzMRAPJyDnoMTBfPuq:MHRxbYK0CEMaPJynoMTBHN

Score

10^/10

obama243 1678889958 qakbot

Malware Config

Extracted

Family

qakbot

Version

404.263

Botnet

obama243

Campaign

1678889958

C2

91.196.69.245:443

90.104.22.28:2222

37.14.229.220:2222

88.126.94.4:50000

92.159.173.52:2222

122.184.143.85:443

85.61.165.153:2222

86.195.14.72:2222

92.154.17.149:2222

47.203.229.168:443

98.187.21.2:443

70.51.152.61:2222

91.68.227.219:443

92.154.45.81:2222

88.122.133.88:32100

98.147.155.235:443

91.254.229.61:443

213.31.90.183:2222

174.118.36.28:443

197.14.148.149:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Signatures

Qakbot family
qakbot

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
2004-54-0x0000000010000000-0x0000000010023000-memory.dmp

Files

2004-54-0x0000000010000000-0x0000000010023000-memory.dmp
.dll windows:6 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

File Characteristics

Sections

.text Size: 98KB - Virtual size: 98KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 8KB - Virtual size: 7KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 98KB - Virtual size: 98KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 3KB