2024-05-24_6b39f912db6208d084450bdbb30cf59a_mafia_qakbot | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-24_6b39f912db6208d084450bdbb30cf59a_mafia_qakbot
Size

972KB
MD5

6b39f912db6208d084450bdbb30cf59a
SHA1

7092807e2a0531b982fd6134b64afcbf148f7a52
SHA256

720fcc61d0eb0cacf20bdf7e013d5e067f5172191ce4d158652600bb8aa65900
SHA512

7f9b7c3a39614eed12f36a54a601001df678140cdc5f21ed21352e23c3e85fc6f8b7b64953d21f7c15968989a5c38ea615bbd42cc9f2b9041925f47b41c4077a
SSDEEP

24576:yGmj8GFiYBcNDDot26QkBqbVJS04SPH8xnHT+v+:yGmg/lDtx/D4Sj+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-24_6b39f912db6208d084450bdbb30cf59a_mafia_qakbot

Files

2024-05-24_6b39f912db6208d084450bdbb30cf59a_mafia_qakbot
.exe windows:5 windows x86 arch:x86

06fa29813db6c1f98441703604fe5cf8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
GetModuleHandleA
VirtualProtect
ExitProcess

Sections

.text
Size: 578KB - Virtual size: 577KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 151KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 183KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ