MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 14680e48e2c6bdec71e8b1cc4d82fc4ffe7b813d0665bd69a419f1a564ec63b7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Quakbot


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 14680e48e2c6bdec71e8b1cc4d82fc4ffe7b813d0665bd69a419f1a564ec63b7
SHA3-384 hash: 716c49d3e5ab97c1aad3b819c3aebdaeb9bd6c114a4a45d302f7524f54ffb506ff552e219418190d8fcb350e7708542d
SHA1 hash: b1bedf9f408480d4a454a452dc5fe95ea0695786
MD5 hash: ec448bd82cadfc5bcc9667c135e8325f
humanhash: freddie-neptune-missouri-quebec
File name:82467.dat
Download: download sample
Signature Quakbot
Create hunting rule
File size:1'761'280 bytes
First seen:2023-02-03 15:37:45 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash a3432b773266dde6a100dba767517009 (9 x Quakbot)
ssdeep 24576:zrj3nPW3ednWPiT8VTBqcATV8KIyydLXGcq8z+0uaEYmgEJ/tc1:T3nCeCiT8aHxyM18z+XatEJ1
Threatray 1'924 similar samples on MalwareBazaar
TLSH T1D985AD1242CC129AF14D3B78243C1F7FD3BBB7A87B19634E9654B8A9AFAB7D34115600
TrID 37.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
20.0% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
12.7% (.EXE) Win64 Executable (generic) (10523/12/4)
7.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
6.1% (.EXE) Win16 NE executable (generic) (5038/12/1)
File icon (PE):PE icon
dhash icon 0000000000000000 (872 x AgentTesla, 496 x Formbook, 296 x RedLineStealer)
Reporter Casperinous
Tags:dll Quakbot

Intelligence

File Origin
# of uploads :
1
# of downloads :
205
Origin country :
GR GR
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/359961/
Result
Verdict:
Clean
Maliciousness:
Verdict:
No Threat
Threat level:
  2/10
Confidence:
100%
Tags:
greyware packed shell32.dll
Link:
https://www.filescan.io/uploads/63dd2a5b447edb203a029f57/reports/1e0254d1-ee30-4a99-9e55-f6e64ea0f060/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/14680e48e2c6bdec71e8b1cc4d82fc4ffe7b813d0665bd69a419f1a564ec63b7
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/7f028973-ef44-4075-8b05-a79cfac71e18
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/1165230
Signature
Sigma detected: Execute DLL with spoofed extension
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 798002 Sample: 82467.dat.dll Startdate: 03/02/2023 Architecture: WINDOWS Score: 48 37 Sigma detected: Execute DLL with spoofed extension 2->37 8 loaddll32.exe 1 2->8         started        process3 process4 10 cmd.exe 1 8->10         started        12 rundll32.exe 8->12         started        14 rundll32.exe 8->14         started        16 7 other processes 8->16 process5 18 rundll32.exe 10->18         started        20 WerFault.exe 9 12->20         started        23 WerFault.exe 3 9 14->23         started        25 WerFault.exe 9 16->25         started        27 WerFault.exe 16->27         started        29 WerFault.exe 16->29         started        31 2 other processes 16->31 dnsIp6 33 WerFault.exe 25 12 18->33         started        35 192.168.2.1 unknown unknown 20->35 process7
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/14680e48e2c6bdec71e8b1cc4d82fc4ffe7b813d0665bd69a419f1a564ec63b7/
Threat name:
Win32.Trojan.BotX
Create hunting rule
Status:
Malicious
First seen:
2023-02-03 15:38:08 UTC
File Type:
PE (Dll)
Extracted files:
4
AV detection:
13 of 26 (50.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=crua4shcy266y4piwhge3ax4j77hxaj5azs322nedhy2kzhmmo3q._file
Verdict:
malicious
Label(s):
qakbot
Create hunting rule
Similar samples:
1b1a6b891687bea71774e3f1776b73fee79602f960eb9cae891ad2c5acb277cf
Quakbot
26a5c35034800e786a979358b4cd86cc15ddef9abdf711fd2d3cd38ba59ee4c2
Quakbot
284f0fabbdfc1172cb1cbf74473321668c4b31789d93158669f6735bec124817
Quakbot
2e698c8ff8399eaf27d2dda8fed11d151fcf4d723715468fe1dcc298ac32aa36
Quakbot
3de82b2ddaafc7205365b88a5033be0260b97946dfeb10372b9d4c1db7f59c22
Quakbot
57f86a03dcb2a9ebdd6d7184201cef6ba9d70f57aa524682857d4e7a27ec57ae
Quakbot
5f919b98fe0692407761b9fbc869cfd47cecf3d7386ae340a16f04af4673c2ba
Quakbot
c259bf6cdeab63308fdcd798420eb4cc01505602210388a17d8b276112fd3956
Quakbot
cfef52c6925ba86878bf04f20ad3561de1f0bd0bec7a3719a677c397a29bd934
Quakbot
e0258e4d45a488bfa45356a5bc55080d7ecc273cd0c1cb7556960427fba9c23f
Quakbot
+ 1'914 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/230203-s22gysfh82/
Behaviour
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SH256 hash:
14680e48e2c6bdec71e8b1cc4d82fc4ffe7b813d0665bd69a419f1a564ec63b7
MD5 hash:
ec448bd82cadfc5bcc9667c135e8325f
SHA1 hash:
b1bedf9f408480d4a454a452dc5fe95ea0695786
Link:
https://www.unpac.me/results/65c4a7dc-d400-47a5-82bd-054df0c0b8ca/
Malware family:
QBot
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/14680e48e2c6/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/14680e48e2c6bdec71e8b1cc4d82fc4ffe7b813d0665bd69a419f1a564ec63b7

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/359961/

Comments