General

  • Target

    2008-54-0x0000000000170000-0x0000000000194000-memory.dmp

  • Size

    144KB

  • MD5

    67d313a543e5e6f0108c724b84d5732e

  • SHA1

    f5bc15a3fc36a5bb814c1e99b7df1b61ba74f46e

  • SHA256

    d436fea496c2c26b861f2b581b6f230a44f6e6d0afa2b09a75a803785ba68748

  • SHA512

    c8e7794850c6fee32c7eda19b84848226a5e87cd3a541c0dbba9116da231bb558eb86b5d658620612c09c14d3c41ca518bbe898e7f9a6f99bd178522b2b8226b

  • SSDEEP

    3072:JHWOa07CDy/7qsE9nGA1JUTFr4TBf//Wpn2d:4O/msEpj1JQFr4TB3

Malware Config

Extracted

  • Family

    qakbot

  • Version

    404.919

  • Botnet

    obama251

  • Campaign

    1681297615

  • C2

Attributes
  • salt

    SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Signatures

  • Qakbot family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 2008-54-0x0000000000170000-0x0000000000194000-memory.dmp
    .dll windows:6 windows x86 arch:x86

