qakbot | 632-55-0x0000000010000000-0x0000000010024000-memory[.]dmp

General

Target

632-55-0x0000000010000000-0x0000000010024000-memory.dmp
Size

144KB
MD5

8b5cbdaecf931f12b278d9a027dbbd97
SHA1

6b7cd10c781042ed2e4c9bf4951aa4cac0c4a5cf
SHA256

03615e5a368ed471aea01e42bc273bec632187c34e178855584e4cf1759575be
SHA512

a71e72619174f655cf68f2fe74c283781f4466bac16ce15a637983c0027a15dc2ac68b3fb8172e5aa2c51627757502a549489434ed2d9cad0d502bbc5207c613
SSDEEP

3072:1BQGpV0kS95ObbMv8mCOihAAfBqJZmtf7cTBfw8mERkFu:NS9kPyCVh1fBqJEtf7cTBI8lRkFu

Score

10^/10

bb32 1686735623 qakbot

Malware Config

Extracted

Family

qakbot

Version

404.1374

Botnet

BB32

Campaign

1686735623

C2

86.129.138.170:443

113.11.92.30:443

12.172.173.82:2087

72.205.104.134:443

84.213.236.225:995

92.186.69.229:2222

1.221.179.74:443

103.141.50.43:995

58.162.223.233:443

96.242.126.116:2222

92.154.17.149:2222

75.109.111.89:443

125.99.76.102:443

80.12.88.148:2222

109.149.147.195:2222

27.99.32.26:2222

70.28.50.223:3389

70.28.50.223:32100

86.97.96.62:2222

66.241.183.99:443

Signatures

Qakbot family
qakbot

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
632-55-0x0000000010000000-0x0000000010024000-memory.dmp

Files

632-55-0x0000000010000000-0x0000000010024000-memory.dmp
.dll windows:6 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

File Characteristics

Sections

.text Size: 98KB - Virtual size: 97KB

.rdata Size: 18KB - Virtual size: 17KB

.data Size: 8KB - Virtual size: 8KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 98KB - Virtual size: 97KB

.rdata
Size: 18KB - Virtual size: 17KB

.data
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 3KB