qakbot | qakbot[.]dll-disk

Sharing

Copy URL

Twitter E-mail

General

Target

qakbot.dll-disk
Size

178KB
MD5

ef35f34c69e5cfbfb72cc5260f02a1e3
SHA1

7ede03c660c5c39a706ac0c2cc8a3ffb20dd3356
SHA256

6ad81b1b02c0b6a7a45d793397d5be8b5c1bebb0cfa80d737fa2ac5d79d50d7f
SHA512

fe8497134e21f068507d360daab443f43930634d7111ac69f029b621e85d5c62fe697d79f02c33c5ff1aa576d809793fb04f2e14712a7303514726d9e6235b48
SSDEEP

3072:naJXr+BqdIfsLi86zSpMV9nJH36QBnoxFnOTBfu0kTgxokao:nwXrXi88NNoxFnOTBW04g6kao

Score

10^/10

abc026 1604404702 qakbot

Malware Config

Extracted

Family

qakbot

Version

325.59

Botnet

abc026

Campaign

1604404702

96.243.35.201:443

46.53.16.93:443

217.165.2.92:995

37.106.7.143:443

67.6.55.77:443

89.136.39.108:443

2.50.58.76:443

188.25.158.61:443

45.63.107.192:995

45.32.154.10:443

94.52.160.116:443

45.63.107.192:2222

45.63.107.192:443

72.204.242.138:465

84.117.176.32:443

95.77.223.148:443

47.146.39.147:443

41.225.13.128:8443

80.14.209.42:2222

190.220.8.10:995

Signatures

Qakbot family
qakbot
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

qakbot.dll-disk

resource
qakbot.dll-disk

Files

qakbot.dll-disk
.dll windows:5 windows x86 arch:x86

fdeecfe7423559ec95eecd8f1f9d0992

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_wcsicmp
_HUGE
localeconv
malloc
free
qsort
_time64
memcpy
memmove
memcmp
strlen
strncpy
memset
strcmp
strncmp
strstr
_vsnwprintf
_vsnprintf
atol
strchr
_snprintf
_strtoi64
_errno
memchr
strtod

iphlpapi

GetIpAddrTable
GetBestRoute

psapi

GetModuleFileNameExW

ws2_32

connect
getsockname
send
ntohs
getaddrinfo
gethostbyname
setsockopt
sendto
bind
freeaddrinfo
WSAIoctl
select
WSAGetLastError
recv
socket
__WSAFDIsSet
closesocket
accept
inet_addr
WSAStartup
inet_ntoa
ioctlsocket
htons
listen
getnameinfo
gethostbyaddr

shell32

SHGetFolderPathW

shlwapi

StrStrIW
StrCmpNA

ole32

CoSetProxyBlanket
CoInitializeEx
CoTaskMemFree
CoInitialize
CoInitializeSecurity
CoUninitialize
CoCreateInstance

kernel32

SwitchToThread
lstrcmpA
GetCurrentProcess
SleepEx
GetCurrentThread
TerminateThread
Sleep
GetExitCodeThread
CreateMutexA
DuplicateHandle
lstrlenA
lstrcatA
lstrcpyA
TerminateProcess
ResumeThread
lstrcatW
lstrcpynW
lstrlenW
lstrcmpiW
ConnectNamedPipe
ReadFile
DisconnectNamedPipe
GetLastError
CreateNamedPipeA
ExitProcess
WaitForSingleObject
CreateEventA
GetProcessId
CloseHandle
GetEnvironmentVariableW
SetEnvironmentVariableW
SetThreadPriority
GetCurrentThreadId
GetCurrentProcessId
CreateFileW
CreateThread
CreateDirectoryW
MoveFileW
GetComputerNameW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
WaitForMultipleObjects
DeleteCriticalSection
DeleteFileW
lstrcpynA
GetVersionExA
lstrcmpiA
GetFileSize
QueryPerformanceCounter
QueryPerformanceFrequency
HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
ReleaseMutex
FreeLibrary
GetModuleHandleW
LoadLibraryW
CopyFileW
GetProcAddress
WideCharToMultiByte
GetEnvironmentVariableA
MultiByteToWideChar
GetSystemTimeAsFileTime
LoadLibraryA
HeapCreate
OpenProcess
GetModuleHandleA
SetLastError
CreateProcessW
GetExitCodeProcess
Process32FirstW
CreatePipe
Process32NextW
FindFirstFileW
GetFileAttributesW
FindNextFileW
SetFileAttributesW
lstrcmpW
LocalAlloc
SetFilePointer
GetLocalTime
WriteFile
FlushFileBuffers
SetEvent
OpenEventA
GetTickCount
GetModuleFileNameW
GetSystemInfo
SetEnvironmentVariableA
GetWindowsDirectoryW
VirtualAlloc
SystemTimeToFileTime
GetSystemTime
InterlockedIncrement

user32

GetSystemMetrics
FindWindowA
PostMessageA
CharUpperBuffA
MessageBoxA

advapi32

GetSidSubAuthority
RegCloseKey
GetUserNameW
LookupAccountSidW
GetSecurityDescriptorSacl
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetTokenInformation
GetSidSubAuthorityCount
OpenThreadToken
OpenProcessToken
RegEnumValueW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegDeleteValueW
EqualSid
IsTextUnicode
CryptAcquireContextA

oleaut32

SafeArrayGetUBound
SafeArrayGetElement
SafeArrayDestroy
SafeArrayGetLBound
SysAllocString
SysFreeString
VariantInit
VariantClear

Sections

.text
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

fdeecfe7423559ec95eecd8f1f9d0992

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

iphlpapi

psapi

ws2_32

shell32

shlwapi

ole32

kernel32

user32

advapi32

oleaut32

Sections

.text Size: 120KB - Virtual size: 120KB

.rdata Size: 44KB - Virtual size: 43KB

.data Size: 3KB - Virtual size: 14KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 120KB - Virtual size: 120KB

.rdata
Size: 44KB - Virtual size: 43KB

.data
Size: 3KB - Virtual size: 14KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 6KB - Virtual size: 5KB