qakbot | 316-54-0x0000000000280000-0x00000000002A4000-memory[.]dmp

Resubmissions

11-03-2024 21:35

240311-1ffx5afa5x 10

11-03-2024 21:34

240311-1eqe6sfa3y 10

11-03-2024 21:33

240311-1efwqsha88 10

11-03-2024 20:50

240311-zm1ensga78 10

Sharing

Copy URL

Twitter E-mail

General

Target

316-54-0x0000000000280000-0x00000000002A4000-memory.dmp
Size

144KB
MD5

dd80117a1b0174932875a12a42cd875f
SHA1

d9eb9a216dc9688b7918d14f0ac229ec66aa671e
SHA256

47c6df8465a23560f384f76a6052a35c7253696bc1abaa4631647b88795d17fa
SHA512

2d239edd815d92639c60cac9cfedcfc67e36faf48a277e5d459b543bb46e5c3cc634ae282a396075416915d706dfe7a3773124609e411041a9fc86285e709d34
SSDEEP

3072:y0cK9DFCoybq0NwvsaAHyFAfOJI4fxzTBfQjcoG5y:kPiUaB2fOJrfxzTBojcoG5y

Score

10^/10

snow09 1686740620 qakbot

Malware Config

Extracted

Family

qakbot

Version

404.1377

Botnet

snow09

Campaign

1686740620

101.184.155.156:2222

89.79.229.50:443

173.17.45.60:443

124.246.122.199:2222

84.215.202.8:443

122.184.143.86:443

79.168.224.165:2222

151.62.174.154:443

124.122.47.148:443

31.190.240.11:443

92.239.81.124:443

31.53.29.210:2222

172.115.17.50:443

70.28.50.223:2083

64.121.161.102:443

187.199.244.117:32103

91.68.227.219:443

176.142.207.63:443

47.199.241.39:443

89.129.109.27:2222

Signatures

Qakbot family
qakbot

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
316-54-0x0000000000280000-0x00000000002A4000-memory.dmp

Files

316-54-0x0000000000280000-0x00000000002A4000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 98KB - Virtual size: 97KB

.rdata Size: 18KB - Virtual size: 17KB

.data Size: 8KB - Virtual size: 8KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 98KB - Virtual size: 97KB

.rdata
Size: 18KB - Virtual size: 17KB

.data
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 3KB