MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 022d1d6da141529bf2f6357fa466603d8544b4151d0d4534cd51c3e05d1dd1d5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Quakbot


Vendor detections: 7



SHA256 hash: 022d1d6da141529bf2f6357fa466603d8544b4151d0d4534cd51c3e05d1dd1d5
SHA3-384 hash: 03643fe2603fbb60f9ca4b2b61373539f6602ef313eac2d85d8a4036d0f6f72864b898931e14ccf7ac136b1e872a6440
SHA1 hash: 3516a9ba9fdce1d9c0f9ca5189ec5d85d6d93746
MD5 hash: d6180c6ef7d81af0127fcdbf1841e9af
humanhash: lamp-speaker-alabama-xray
File name: 01.png
Signature: Quakbot
File size: 366'650 bytes
First seen: 2023-02-08 16:02:21 UTC
Last seen: 2023-02-08 17:31:27 UTC
File type: DLL dll
MIME type: application/x-dosexec
imphash: 0cc8ba71b98afd867de0195f0d6030f9 (5 x Quakbot)
ssdeep: 6144:68HwSJZ88IKeVSi5CHvJITRTcKY+UC6vmtmHkRCfDg6vlIDAtYf3FawrI159A0:68HwSJG83i5CPqTCKY+cOOMAtYfweu5x
Threatray: 1'936 similar samples on MalwareBazaar
TLSH: T101746E16A60394F6C8573AB31297D1DF3A24B709C4105F6EDFF82C24FBB6900A5B9267
TrID: 32.2% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
20.5% (.EXE) Win64 Executable (generic) (10523/12/4)
12.8% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
9.8% (.EXE) Win16 NE executable (generic) (5038/12/1)
8.7% (.EXE) Win32 Executable (generic) (4505/5/1)
Reporter: proxylife
Tags: 1675848844 BB14 dll Qakbot Quakbot

Intelligence


File Origin
# of uploads: 2
# of downloads: 221
Origin country: TH
Vendor Threat Intelligence
Result
Verdict: Clean
Maliciousness:

Behaviour
Sending a custom TCP request

Verdict: Suspicious
Threat level: 5/10
Confidence: 67%
Tags: anti-debug overlay packed

Result
Verdict: UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Threat name: Win32.Backdoor.Quakbot
Status: Malicious
First seen: 2023-02-08 16:03:06 UTC
File Type: PE (Dll)
AV detection: 16 of 26 (61.54%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SHA256 hash: 022d1d6da141529bf2f6357fa466603d8544b4151d0d4534cd51c3e05d1dd1d5
MD5 hash: d6180c6ef7d81af0127fcdbf1841e9af
SHA1 hash: 3516a9ba9fdce1d9c0f9ca5189ec5d85d6d93746
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
