qakbot | b70799c95dd29b4f2d5be5bc7feecf34_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

b70799c95dd29b4f2d5be5bc7feecf34_JaffaCakes118
Size

261KB
MD5

b70799c95dd29b4f2d5be5bc7feecf34
SHA1

a5e33928c0c0d69bf70463ba5ec0935f53a941d8
SHA256

6f1ad1628709f22d04611614ed48f80ff051bb1253ca26a3f99d8dabcc828661
SHA512

d17d48045e8298a53e7f5406ebeb91e1425b43b32e9d9445c61d2373f673ee18846287a3d7f6a279d8468e680cf4247f1bb2fee40a2a834d6f0b997d2a77325c
SSDEEP

6144:QinCSbUlS2EqPgZXD3romJDq0orQWau0Vj6he+a9:QinCEpwYD7e0osRHEU/

Score

10^/10

spx91 1586271390 qakbot

Malware Config

Extracted

Family

qakbot

Version

324.75

Botnet

spx91

Campaign

1586271390

74.109.200.208:443

108.227.161.27:995

98.13.0.128:443

79.113.219.121:443

84.247.55.190:443

80.14.209.42:2222

104.36.135.227:443

104.174.71.153:2222

96.232.203.15:443

173.79.220.156:443

174.54.24.110:995

50.244.112.10:443

76.23.204.29:443

69.206.6.71:2222

81.106.46.63:443

50.91.171.137:443

75.137.60.81:443

98.116.119.123:443

189.140.74.166:443

24.183.39.93:443

Signatures

Qakbot family
qakbot

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b70799c95dd29b4f2d5be5bc7feecf34_JaffaCakes118

Files

b70799c95dd29b4f2d5be5bc7feecf34_JaffaCakes118
.exe windows:5 windows x86 arch:x86

3f77a9c8f34dfaf6c90a2696beb06168

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

userenv

GetUserProfileDirectoryW

ole32

CoUninitialize
CoCreateInstance
CoInitializeEx
CoSetProxyBlanket
CoInitialize
CoInitializeSecurity

shell32

CommandLineToArgvW
ShellExecuteW
SHGetFolderPathW

setupapi

SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyA
SetupDiGetClassDevsA

kernel32

lstrcatA
CreateDirectoryA
GetProcAddress
LoadLibraryA
lstrcmpiW
GetModuleHandleA
CloseHandle
GetCurrentProcessId
GetEnvironmentVariableW
CreateFileA
SetFilePointer
lstrlenA
lstrcpynA
GetCurrentProcess
FormatMessageA
WriteFile
WideCharToMultiByte
GetEnvironmentVariableA
MultiByteToWideChar
lstrlenW
GetLocalTime
GetModuleFileNameA
lstrcatW
GetCurrentThreadId
OutputDebugStringA
lstrcpyA
HeapAlloc
HeapFree
HeapCreate
VirtualAlloc
GetFileSize
lstrcmpiA
CreateEventA
LoadResource
SizeofResource
GetThreadContext
GetModuleHandleW
LoadLibraryW
TerminateProcess
DeleteFileW
ResumeThread
ExpandEnvironmentStringsW
GetComputerNameW
GetVolumeInformationW
ReleaseMutex
GetExitCodeProcess
GetSystemTimeAsFileTime
SetEnvironmentVariableW
GetTickCount
GetModuleFileNameW
CopyFileW
SetEnvironmentVariableA
GetVersionExA
GetWindowsDirectoryW
SetEvent
OpenEventA
CreateMutexA
TerminateThread
CreateThread
GetCurrentThread
LocalAlloc
GetFileAttributesA
GetFileAttributesW
LocalFree
lstrcpyW
CreateDirectoryW
SleepEx
WaitForSingleObject
FreeLibrary
GetDriveTypeW
lstrcmpA
GetCommandLineW
ExitProcess
lstrcpynW
Sleep
GetLastError
SystemTimeToFileTime
GetSystemTime
FindResourceA
GetSystemInfo

user32

GetForegroundWindow
MessageBoxA
CharUpperBuffA
GetClassNameA
CharUpperBuffW

advapi32

RegQueryInfoKeyW
LookupAccountSidW
ConvertSidToStringSidA
CreateProcessAsUserW
LookupAccountNameW
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
RegUnLoadKeyW
RegLoadKeyW
ConvertSidToStringSidW
RegSetValueExW
RegQueryValueExW
SetFileSecurityW
SetSecurityDescriptorDacl
RegDeleteValueW
RegEnumValueW
RegOpenKeyExW
RegCloseKey
OpenProcessToken
GetSidSubAuthority
OpenThreadToken
GetSidSubAuthorityCount
GetTokenInformation
InitializeSecurityDescriptor
EqualSid
SetServiceStatus

msvcrt

strchr
memcpy
memset
_vsnwprintf
_vsnprintf
strncpy
_except_handler3
_ltoa

netapi32

NetApiBufferFree
NetUserEnum
NetGetDCName

Sections

.text
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 157KB - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

3f77a9c8f34dfaf6c90a2696beb06168

Headers

DLL Characteristics

File Characteristics

Imports

userenv

ole32

shell32

setupapi

kernel32

user32

advapi32

msvcrt

netapi32

Sections

.text Size: 49KB - Virtual size: 48KB

.rdata Size: 47KB - Virtual size: 47KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 157KB - Virtual size: 157KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 49KB - Virtual size: 48KB

.rdata
Size: 47KB - Virtual size: 47KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 157KB - Virtual size: 157KB

.reloc
Size: 4KB - Virtual size: 4KB