General

  • Target

    1036-55-0x0000000010000000-0x0000000010024000-memory.dmp

  • Size

    144KB

  • MD5

    ebb4f4cd3d168685203580d9054e4fdf

  • SHA1

    60247c8a39f4760ec858c4fed7d1af0cabcc0f85

  • SHA256

    c65356d5b75f2ef39b1aa1104a51ede11e285f4b66e392fe07aa4bbd8266321f

  • SHA512

    530c8ef12e80a04bb193c5ed48a4048156924b2f27a04ee8b5017119568c97a2d9d7d49452734fcd6a67f701394864348164fbf70ae8d3ac8b2e28e9d727a46a

  • SSDEEP

    3072:VnPYcZtZHhf+pE90L6+j5zZCb+dJAC8nJxmefH8cTBfwFy1bWeMhM:5Vh2pE90L6mzZCSdCdnJsefccTBIFwCK

Malware Config

Extracted

Family

qakbot

Version

404.1405

Botnet

obama271

Campaign

1687438904

C2


Signatures

  • Qakbot family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 1036-55-0x0000000010000000-0x0000000010024000-memory.dmp
    .dll windows:6 windows x86 arch:x86

