MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 057a01850c142230544710ea363b2af54cd5ddbf299a103e10e9d3cbbee6f021. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Quakbot


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 057a01850c142230544710ea363b2af54cd5ddbf299a103e10e9d3cbbee6f021
SHA3-384 hash: b8ed9d0f8df555d668a9cb7ff4feb2ce543f88f2b67ce95a8f1ebeac2c81222c335d891ba1edeb15b0e932f262b3755a
SHA1 hash: 62e0ef047748b067296e27c0378eb8d454a215bd
MD5 hash: e96f2e64c4bb69690466eed394e3ef63
humanhash: washington-eight-iowa-item
File name:e96f2e64c4bb69690466eed394e3ef63
Download: download sample
Signature Quakbot
Create hunting rule
File size:366'470 bytes
First seen:2023-02-08 21:54:07 UTC
Last seen:2023-02-08 23:30:40 UTC
File type:DLL dll
MIME type:application/x-dosexec
imphash 0cc8ba71b98afd867de0195f0d6030f9 (5 x Quakbot)
ssdeep 6144:c8HwSJZ88IKeVSi5CHvJITRTcKY+UC6vmtmHkRCoqd0WGCFrV0grgBv4:c8HwSJG83i5CPqTCKY+cORqdKCFx08b
TLSH T137747E16A60394F6C8573AB31297E1DF3A24A709C4105F6EDFB81C24FBB6900A57936B
TrID 32.2% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
20.5% (.EXE) Win64 Executable (generic) (10523/12/4)
12.8% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
9.8% (.EXE) Win16 NE executable (generic) (5038/12/1)
8.7% (.EXE) Win32 Executable (generic) (4505/5/1)
Reporter zbetcheckin
Tags:32 dll exe Quakbot

Intelligence

File Origin
# of uploads :
2
# of downloads :
195
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/362331/
Detection(s):
SecuriteInfo.com.Win32.TrojanX-gen.29564.13088.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a custom TCP request
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
anti-debug overlay packed
Link:
https://www.filescan.io/uploads/63e41a37459bcf4604ffa2fc/reports/bd5df995-ebb4-4b1c-8499-837628d2974e/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/057a01850c142230544710ea363b2af54cd5ddbf299a103e10e9d3cbbee6f021
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/99c97b8f-a82d-47b2-8d83-882735b60ded
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/1169309
Signature
Found API chain indicative of debugger detection
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 802090 Sample: vMftrL6lnn.dll Startdate: 08/02/2023 Architecture: WINDOWS Score: 52 38 Multi AV Scanner detection for submitted file 2->38 8 loaddll32.exe 1 2->8         started        process3 process4 10 rundll32.exe 8->10         started        13 cmd.exe 1 8->13         started        15 rundll32.exe 8->15         started        17 7 other processes 8->17 signatures5 40 Found API chain indicative of debugger detection 10->40 19 WerFault.exe 4 9 10->19         started        21 rundll32.exe 13->21         started        23 WerFault.exe 15->23         started        26 WerFault.exe 2 9 17->26         started        28 WerFault.exe 9 17->28         started        30 WerFault.exe 17->30         started        32 2 other processes 17->32 process6 dnsIp7 34 WerFault.exe 24 10 21->34         started        36 192.168.2.1 unknown unknown 23->36 process8
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/057a01850c142230544710ea363b2af54cd5ddbf299a103e10e9d3cbbee6f021/
Threat name:
Win32.Backdoor.Quakbot
Create hunting rule
Status:
Malicious
First seen:
2023-02-08 21:55:06 UTC
File Type:
PE (Dll)
AV detection:
19 of 26 (73.08%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=av5adbimcqrdavchcdvdmozk6vgnlxn7fgnbapqq5hj4xpxg6aqq._file
Verdict:
malicious
Label(s):
qakbot
Create hunting rule
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/230208-1srkdshb39/
Behaviour
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SH256 hash:
057a01850c142230544710ea363b2af54cd5ddbf299a103e10e9d3cbbee6f021
MD5 hash:
e96f2e64c4bb69690466eed394e3ef63
SHA1 hash:
62e0ef047748b067296e27c0378eb8d454a215bd
Link:
https://www.unpac.me/results/2c69e84d-2e0b-47b0-99dc-8e704c11d600/
Malware family:
QBot
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/057a01850c14/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/057a01850c142230544710ea363b2af54cd5ddbf299a103e10e9d3cbbee6f021

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Quakbot

DLL dll 057a01850c142230544710ea363b2af54cd5ddbf299a103e10e9d3cbbee6f021

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/362331/
  
URLhaus
https://urlhaus.abuse.ch/url/2534500/

Comments


Avatar
zbet commented on 2023-02-08 21:54:16 UTC

url : hxxps://famille2point0.com/oghHO/01.png