qakbot | 611fb912ca0d8a8d6b57a5fe54c4b3ad_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

611fb912ca0d8a8d6b57a5fe54c4b3ad_JaffaCakes118
Size

221KB
MD5

611fb912ca0d8a8d6b57a5fe54c4b3ad
SHA1

d30d809df1e1f8db5511621c4869cf954d9ffe32
SHA256

b3781927bcf7932c336630f636f47cbdba47e2f5aa94039f87fbb15797455535
SHA512

812426a098f3d277e9d004e9fd288d2fe26ba410d4a79db1338c8f8faca03cb0f33da84f1f8575ab37dd554e26cff52428c3c10cc585d1c96df88e140ae056ef
SSDEEP

6144:9iCJP2aHc28pmBIUFqOkTo2/Pd7IYbUN0DQ2:9f82DICqJTo2tcqUN

Score

10^/10

spx88 1585759147 qakbot

Malware Config

Extracted

Family

qakbot

Version

324.75

Botnet

spx88

Campaign

1585759147

70.171.43.208:443

75.183.171.155:3389

68.49.120.179:443

189.160.175.134:443

24.168.237.215:443

5.14.217.101:443

47.40.244.237:443

71.77.252.14:2222

184.176.139.8:443

47.39.76.74:443

72.29.181.77:2222

208.101.148.129:995

100.40.48.96:443

5.233.232.81:61202

188.241.126.118:443

68.174.15.223:443

64.19.74.29:995

70.170.111.174:443

75.82.228.209:443

63.155.135.211:995

Signatures

Qakbot family
qakbot

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
611fb912ca0d8a8d6b57a5fe54c4b3ad_JaffaCakes118

Files

611fb912ca0d8a8d6b57a5fe54c4b3ad_JaffaCakes118
.exe windows:5 windows x86 arch:x86

3489ec6897bf25dd7f5d86ee09369d0d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

userenv

GetUserProfileDirectoryW

ole32

CoUninitialize
CoCreateInstance
CoInitializeEx
CoSetProxyBlanket
CoInitialize
CoInitializeSecurity

shell32

CommandLineToArgvW
ShellExecuteW
SHGetFolderPathW

setupapi

SetupDiGetClassDevsA
SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList

kernel32

GetLastError
GetProcAddress
LoadLibraryA
lstrcmpiW
GetModuleHandleA
CloseHandle
GetCurrentProcessId
GetEnvironmentVariableW
lstrlenA
WideCharToMultiByte
lstrcatA
GetEnvironmentVariableA
MultiByteToWideChar
lstrlenW
lstrcatW
lstrcpyA
HeapAlloc
HeapFree
HeapCreate
VirtualAlloc
GetFileSize
lstrcmpiA
GetModuleFileNameA
FindResourceA
LoadResource
SizeofResource
GetThreadContext
CreateEventA
GetModuleHandleW
LoadLibraryW
TerminateProcess
DeleteFileW
ResumeThread
ExpandEnvironmentStringsW
GetComputerNameW
GetVolumeInformationW
ReleaseMutex
GetExitCodeProcess
GetSystemTimeAsFileTime
SetEnvironmentVariableW
GetTickCount
GetModuleFileNameW
GetSystemInfo
SetEnvironmentVariableA
GetVersionExA
CopyFileW
SetEvent
OpenEventA
CreateMutexA
TerminateThread
CreateThread
GetFileAttributesA
GetFileAttributesW
GetCurrentThread
LocalAlloc
GetLocalTime
LocalFree
lstrcpyW
CreateDirectoryW
SleepEx
WaitForSingleObject
FreeLibrary
GetDriveTypeW
lstrcmpA
GetCommandLineW
ExitProcess
lstrcpynW
Sleep
SystemTimeToFileTime
GetSystemTime
GetCurrentProcess
GetWindowsDirectoryW

user32

CharUpperBuffA
MessageBoxA
GetClassNameA
CharUpperBuffW

advapi32

RegOpenKeyExW
RegEnumValueW
RegDeleteValueW
RegQueryInfoKeyW
LookupAccountNameW
EqualSid
SetServiceStatus
RegUnLoadKeyW
RegLoadKeyW
ConvertSidToStringSidW
RegSetValueExW
RegQueryValueExW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetTokenInformation
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
RegCloseKey
SetFileSecurityW
OpenProcessToken
GetSidSubAuthority
OpenThreadToken
GetSidSubAuthorityCount
LookupAccountSidW
CreateProcessAsUserW

msvcrt

memcpy
memset
_vsnwprintf
_vsnprintf
_except_handler3
_ltoa

netapi32

NetApiBufferFree
NetUserEnum
NetGetDCName

Sections

.text
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 157KB - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

3489ec6897bf25dd7f5d86ee09369d0d

Headers

DLL Characteristics

File Characteristics

Imports

userenv

ole32

shell32

setupapi

kernel32

user32

advapi32

msvcrt

netapi32

Sections

.text Size: 38KB - Virtual size: 38KB

.rdata Size: 19KB - Virtual size: 19KB

.data Size: 1KB - Virtual size: 9KB

.rsrc Size: 157KB - Virtual size: 157KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 38KB - Virtual size: 38KB

.rdata
Size: 19KB - Virtual size: 19KB

.data
Size: 1KB - Virtual size: 9KB

.rsrc
Size: 157KB - Virtual size: 157KB

.reloc
Size: 3KB - Virtual size: 2KB