qakbot | 1036-55-0x0000000010000000-0x0000000010024000-memory[.]dmp

General

Target

1036-55-0x0000000010000000-0x0000000010024000-memory.dmp
Size

144KB
MD5

ebb4f4cd3d168685203580d9054e4fdf
SHA1

60247c8a39f4760ec858c4fed7d1af0cabcc0f85
SHA256

c65356d5b75f2ef39b1aa1104a51ede11e285f4b66e392fe07aa4bbd8266321f
SHA512

530c8ef12e80a04bb193c5ed48a4048156924b2f27a04ee8b5017119568c97a2d9d7d49452734fcd6a67f701394864348164fbf70ae8d3ac8b2e28e9d727a46a
SSDEEP

3072:VnPYcZtZHhf+pE90L6+j5zZCb+dJAC8nJxmefH8cTBfwFy1bWeMhM:5Vh2pE90L6mzZCSdCdnJsefccTBIFwCK

Score

10^/10

obama271 1687438904 qakbot

Malware Config

Extracted

Family

qakbot

Version

404.1405

Botnet

obama271

Campaign

1687438904

C2

70.28.50.223:2083

103.141.50.79:995

184.182.66.109:443

122.184.143.82:443

91.254.145.252:443

37.14.229.220:2222

64.229.117.208:2222

77.126.99.230:443

87.252.106.235:995

12.172.173.82:32101

95.230.110.222:995

88.169.33.180:2222

70.28.50.223:1194

72.80.94.230:443

191.191.1.254:995

209.171.160.69:995

45.62.67.129:443

24.234.80.122:995

81.150.169.174:2222

121.121.100.202:995

Signatures

Qakbot family
qakbot

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
1036-55-0x0000000010000000-0x0000000010024000-memory.dmp

Files

1036-55-0x0000000010000000-0x0000000010024000-memory.dmp
.dll windows:6 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

File Characteristics

Sections

.text Size: 98KB - Virtual size: 97KB

.rdata Size: 18KB - Virtual size: 17KB

.data Size: 8KB - Virtual size: 8KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 98KB - Virtual size: 97KB

.rdata
Size: 18KB - Virtual size: 17KB

.data
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 3KB