Overview

overview

10

Static

static

10

2640-2-0x0...ry.dll

windows7-x64

3

2640-2-0x0...ry.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2640-2-0x0000000010000000-0x000000001004A000-memory.dmp

  • Size

    296KB

  • MD5

    38d47f7497b88aa48ceaf0a77674ceec

  • SHA1

    5f4598a47b68ae07ce2d7d4746910568f4410973

  • SHA256

    841a7a365207b3dcbeb26facd4a535487aa2a9360007f852438d3893977378be

  • SHA512

    7210f5c9e4847ee9e5edce2cf43d8dfcb727647a7688ddb2815264ada86cc1a43090f3ba0a26e9d31596581677edba3da0d9fbf0ea1eefde756e52a1da051d0b

  • SSDEEP

    3072:lOCijIiXViDIn2tt+GFBJ5OTBftuhWUw:lbvwGFH5OTB1uhWH

Score
10/10
abc1041606818862qakbot

Malware Config

Extracted

Family

qakbot

Version

401.51

Botnet

abc104

Campaign

1606818862

C2

79.119.124.237:443

87.218.53.206:2222

181.169.88.203:443

82.12.157.95:995

94.49.188.240:443

46.124.107.124:6881

86.122.248.164:2222

83.202.68.220:2222

79.129.216.215:2222

37.21.231.245:995

47.187.49.3:2222

2.90.33.130:443

149.28.98.196:995

149.28.99.97:443

45.63.107.192:995

149.28.98.196:2222

45.63.107.192:2222

74.73.27.35:443

149.28.98.196:443

144.202.38.185:2222
Attributes
  • salt

    jHxastDcds)oMc=jvh7wdUhxcsdt2

Signatures

  • Qakbot family
    qakbot
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2640-2-0x0000000010000000-0x000000001004A000-memory.dmp
    .dll windows:5 windows x86 arch:x86


    Headers

    Sections