qakbot | 3f004293165057ac40d7d2dc663cc62c877ebe29601251dcca24b6aa1062b7af[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

3f004293165057ac40d7d2dc663cc62c877ebe29601251dcca24b6aa1062b7af.zip
Size

71KB
MD5

28f0aff73526090d77d7a80ce4ec594d
SHA1

1dd840bc062e2cf0bd675cf739f3887e3b2ea5fb
SHA256

e8495c6ffb56d0236412300eb97d96ae2d976b2f1228b6f5674d9e2f4b0b0aa3
SHA512

b8bf191ec43fc363d01a489c7afd8957b9d61d1fa5584eb6f53c80c1167c3a02aabc79adcc8633ecacccb31a66da488107040d96e1627545dbfe90047bef2102
SSDEEP

1536:+5Yq3nvkP4DQvNHbWmiFFawmS0wH8aFTpqsslxeeS++rMSZIQi3vnGBw:YjnvkCEqmUFTCmRo/xu+JSZhi3fG+

Score

10^/10

obama150 1640256791 qakbot

Malware Config

Extracted

Family

qakbot

Version

403.10

Botnet

obama150

Campaign

1640256791

96.21.251.127:2222

70.51.134.181:2222

69.14.172.24:443

186.64.87.213:443

94.62.161.77:995

103.139.242.30:990

114.79.148.170:443

217.164.247.241:2222

178.153.86.181:443

136.232.34.70:443

37.210.226.125:61202

173.21.10.71:2222

31.219.154.176:32101

140.82.49.12:443

32.221.229.7:443

24.152.219.253:995

106.51.48.170:50001

114.38.161.124:995

96.37.113.36:993

190.39.205.165:443

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Signatures

Qakbot family
qakbot
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

unpack002/Qak_02CF0000.bin

resource
unpack002/Qak_02CF0000.bin

Files

3f004293165057ac40d7d2dc663cc62c877ebe29601251dcca24b6aa1062b7af.zip
.zip

Password: infected
3f004293165057ac40d7d2dc663cc62c877ebe29601251dcca24b6aa1062b7af.7z
.7z

Password: infected
Qak_02CF0000.bin
.dll regsvr32 windows:6 windows x86 arch:x86

Password: infected

3c4a379270b250744490829165226c41

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

inet_ntoa

msvcrt

localeconv
strtod
strchr
strncpy
_time64
malloc
free
memset
memchr
_strtoi64
_ftol2_sse
_vsnwprintf
memcpy
atol
_errno
qsort
_snprintf
_vsnprintf

kernel32

GetWindowsDirectoryW
GetSystemInfo
GetTickCount
LoadLibraryW
FlushFileBuffers
GetVersionExA
lstrcmpiA
LocalAlloc
SetFileAttributesW
FindNextFileW
FindFirstFileW
GetExitCodeProcess
GetCurrentProcess
CreateMutexA
lstrcmpA
DuplicateHandle
GetCurrentThread
lstrcpynA
GetLastError
lstrcatA
CreateDirectoryW
DisconnectNamedPipe
lstrcpynW
GetProcessId
lstrcatW
lstrcpyW
GetCurrentProcessId
lstrcmpiW
SetLastError
GetModuleFileNameW
GetFileAttributesW
GetModuleHandleA
MultiByteToWideChar
GetDriveTypeW
K32GetModuleFileNameExW
MoveFileW
SwitchToThread
GetProcAddress
HeapCreate
HeapFree
HeapAlloc
WideCharToMultiByte
LoadLibraryA
FreeLibrary
GetSystemTimeAsFileTime
SetThreadPriority
CreatePipe

user32

DestroyWindow
CreateWindowExA
UnregisterClassA
RegisterClassExA
CharUpperBuffA
DefWindowProcA
CharUpperBuffW

ole32

CoInitializeSecurity
CoSetProxyBlanket
CoCreateInstance
CoInitializeEx

oleaut32

SafeArrayDestroy
SafeArrayGetUBound
SafeArrayGetElement
SafeArrayGetLBound
SysFreeString
VariantClear
SysAllocString

Exports

Exports

DllRegisterServer

Sections

.text
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

Password: infected

Password: infected

3c4a379270b250744490829165226c41

Headers

File Characteristics

Imports

ws2_32

msvcrt

kernel32

user32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 90KB - Virtual size: 90KB

.rdata Size: 18KB - Virtual size: 17KB

.data Size: 6KB - Virtual size: 5KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 90KB - Virtual size: 90KB

.rdata
Size: 18KB - Virtual size: 17KB

.data
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 3KB