General

  • Target: f18ec61bcd6c328fcb7e3c288c7f8f1ba69f84c643d355d40372fba6cb8bc65b
  • Size: 204KB
  • MD5: 479d7c9aae86c3382aed04aac4fdd656
  • SHA1: 32a40bccd7212e17ccd6d4dcc5ec0e0d9489b81a
  • SHA256: f18ec61bcd6c328fcb7e3c288c7f8f1ba69f84c643d355d40372fba6cb8bc65b
  • SHA512: 9337ba7b1c45e5a81e00e9c5b7545b381e2e9bdf9df7014281c785c90fc18e6d5b41c5d12eb2f98f997a70b43f1ac1a259081bfd440c815cc6e0d428b7b2b600
  • SSDEEP: 3072:YaMXwmjoFlRV/rrgx3whtXqZiBX2u8jZcwrFPOTBf/5PyHk02L2fG7:YfF8jrgxA/XWCwrFPOTB35Pak0xG

Malware Config

Extracted

  • Family: qakbot
  • Version: 324.142
  • Botnet: notset
  • Campaign: 1590741916

Credentials

C2

Signatures

  • Qakbot family
  • Unsigned PE (1 IoC): checks for a missing Authenticode signature.

Files

  • f18ec61bcd6c328fcb7e3c288c7f8f1ba69f84c643d355d40372fba6cb8bc65b
    .dll, windows:5, windows, x86, arch:x86
    8c4410de7954b8f0f72e0763592dfe54