General

  • Target

    1028-56-0x0000000010000000-0x0000000010024000-memory.dmp

  • Size

    144KB

  • MD5

    955c4ac88d9c97e70bd089d16df3a556

  • SHA1

    bdca898e23ea0a721f0e0604adaf365b5419ef23

  • SHA256

    da68ff966733742e5fbb2dd84ee7a296f61af8a2c3ecd153e20a48ddea2ecd6c

  • SHA512

    abe2ab52739f5ea733f32461e72665f54becaea6f2aea53f3c6e674c2ae61053e3563ec27da679d88163fe3a847eab3b0d9dd83122e366be78733248a3d0807a

  • SSDEEP

    3072:hFQGpV0kS95ObbMv8mCOihAAfBqJZmtfmOcTBfw8mEE:VS9kPyCVh1fBqJEtfmOcTBI8lE

Malware Config

Extracted

Family

qakbot

Version

404.1374

Botnet

obama268

Campaign

1686733312

C2

Signatures

  • Qakbot family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 1028-56-0x0000000010000000-0x0000000010024000-memory.dmp
    .dll windows:6 windows x86 arch:x86

