qakbot | 0591b9f44896998680d77c5881c51b66_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

0591b9f44896998680d77c5881c51b66_JaffaCakes118
Size

119KB
MD5

0591b9f44896998680d77c5881c51b66
SHA1

ea5a5df13b59551ee0e4d9e236533ff3c403b7f2
SHA256

7cbdfe98755310c2bd35dab24598740eaeba5ee96b1a6f9078bb0cc8c52aac6e
SHA512

7f28c7093c60ab3707fb8f21a71c80006e15d93e62315659e34bf3cf8e1c91756628e178a58bdfad204504984656df9bb6c0e312e56d2a2fe1a39e775f36f101
SSDEEP

1536:gUPcYXcs+0RYFkfnnUWy2JSC1/8+4Tm88JlNhmwPlDIOEnToIfwYToqMglh:C4UkcWbJDN74TGJnhfPToTBfwXglh

Score

10^/10

tr 1632730751 qakbot

Malware Config

Extracted

Family

qakbot

Version

402.343

Botnet

Campaign

1632730751

95.77.223.148:443

47.22.148.6:443

89.101.97.139:443

27.223.92.142:995

120.151.47.189:443

136.232.34.70:443

120.150.218.241:995

185.250.148.74:443

181.118.183.94:443

140.82.49.12:443

67.165.206.193:993

103.148.120.144:443

71.74.12.34:443

76.25.142.196:443

73.151.236.31:443

173.21.10.71:2222

75.188.35.168:443

2.178.88.145:61202

71.80.168.245:443

45.46.53.140:2222

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Signatures

Qakbot family
qakbot

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0591b9f44896998680d77c5881c51b66_JaffaCakes118

Files

0591b9f44896998680d77c5881c51b66_JaffaCakes118
.dll regsvr32 windows:6 windows x86 arch:x86

7b3bf330d8b8bdc633b50cd4fbfebe95

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

inet_ntoa

msvcrt

localeconv
strtod
strchr
strncpy
_time64
malloc
free
memset
memchr
_strtoi64
_ftol2_sse
_vsnwprintf
memcpy
atol
_errno
qsort
_snprintf
_vsnprintf

kernel32

GetWindowsDirectoryW
GetSystemInfo
GetTickCount
LoadLibraryW
FlushFileBuffers
GetVersionExA
lstrcmpiA
LocalAlloc
SetFileAttributesW
FindNextFileW
FindFirstFileW
GetExitCodeProcess
GetCurrentProcess
CreateMutexA
lstrcmpA
DuplicateHandle
GetCurrentThread
lstrcpynA
GetLastError
lstrcatA
CreateDirectoryW
DisconnectNamedPipe
lstrcpynW
GetProcessId
lstrcatW
lstrcpyW
GetCurrentProcessId
lstrcmpiW
SetLastError
OutputDebugStringA
GetModuleFileNameW
GetFileAttributesW
GetModuleHandleA
MultiByteToWideChar
GetDriveTypeW
K32GetModuleFileNameExW
MoveFileW
SwitchToThread
GetProcAddress
HeapCreate
HeapFree
HeapAlloc
WideCharToMultiByte
LoadLibraryA
FreeLibrary
GetSystemTimeAsFileTime
SetThreadPriority
CreatePipe

user32

DestroyWindow
CreateWindowExA
UnregisterClassA
RegisterClassExA
CharUpperBuffA
DefWindowProcA
CharUpperBuffW

ole32

CoInitializeSecurity
CoSetProxyBlanket
CoCreateInstance
CoInitializeEx

oleaut32

SafeArrayDestroy
SafeArrayGetUBound
SafeArrayGetElement
SafeArrayGetLBound
SysFreeString
VariantClear
SysAllocString

Exports

Exports

DllRegisterServer

Sections

.text
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 544B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

7b3bf330d8b8bdc633b50cd4fbfebe95

Headers

File Characteristics

Imports

ws2_32

msvcrt

kernel32

user32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 90KB - Virtual size: 89KB

.rdata Size: 18KB - Virtual size: 17KB

.data Size: 6KB - Virtual size: 5KB

.rsrc Size: 1024B - Virtual size: 544B

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 90KB - Virtual size: 89KB

.rdata
Size: 18KB - Virtual size: 17KB

.data
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 1024B - Virtual size: 544B

.reloc
Size: 3KB - Virtual size: 3KB