General

  • Target

    1920-55-0x0000000010000000-0x0000000010024000-memory.dmp

  • Size

    144KB

  • MD5

    a468377a96da4b446955c61c37726eeb

  • SHA1

    d2467859a691284bd700b25c7162e42b0cd3c911

  • SHA256

    4289e3595b6613c0d8432ce98cbf1a8368f09b728f3ff79935705657fd290350

  • SHA512

    098e1c8ff50dddaa12c6a47ed84641edbb46e201f5a2040ca6b7eb72902cb238ca339bd5272f45d42db575dbb642bf8f73a6edb0d61288cb7723c1929dee1ac2

  • SSDEEP

    3072:5ajYySWFPnCBAvkcCgIgAhtJ9mRfa8TBfwInbEwqX:WCBAv7CbVhtJgRfa8TBIIb9

Malware Config

Extracted

Family

qakbot

Version

404.1382

Botnet

obama269

Campaign

1687245474

C2

Signatures

  • Qakbot family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 1920-55-0x0000000010000000-0x0000000010024000-memory.dmp
    .dll windows:6 windows x86 arch:x86

