qakbot | 2008-54-0x0000000000170000-0x0000000000194000-memory[.]dmp

General

Target

2008-54-0x0000000000170000-0x0000000000194000-memory.dmp
Size

144KB
MD5

67d313a543e5e6f0108c724b84d5732e
SHA1

f5bc15a3fc36a5bb814c1e99b7df1b61ba74f46e
SHA256

d436fea496c2c26b861f2b581b6f230a44f6e6d0afa2b09a75a803785ba68748
SHA512

c8e7794850c6fee32c7eda19b84848226a5e87cd3a541c0dbba9116da231bb558eb86b5d658620612c09c14d3c41ca518bbe898e7f9a6f99bd178522b2b8226b
SSDEEP

3072:JHWOa07CDy/7qsE9nGA1JUTFr4TBf//Wpn2d:4O/msEpj1JQFr4TB3

Score

10^/10

obama251 1681297615 qakbot

Malware Config

Extracted

Family

qakbot

Version

404.919

Botnet

obama251

Campaign

1681297615

C2

96.87.28.170:2222

74.92.243.115:50000

75.109.111.89:443

157.119.85.203:443

201.244.108.183:995

86.130.9.222:2222

71.171.83.69:443

68.173.170.110:8443

47.205.25.170:443

92.239.81.124:443

172.248.42.122:443

71.38.155.217:443

172.90.139.138:2222

12.172.173.82:50001

92.149.250.113:2222

12.172.173.82:22

81.101.185.146:443

75.149.21.157:443

12.172.173.82:2087

78.130.215.67:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Signatures

Qakbot family
qakbot

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
2008-54-0x0000000000170000-0x0000000000194000-memory.dmp

Files

2008-54-0x0000000000170000-0x0000000000194000-memory.dmp
.dll windows:6 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

File Characteristics

Sections

.text Size: 96KB - Virtual size: 96KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 8KB - Virtual size: 8KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 96KB - Virtual size: 96KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 3KB