MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 154bb70ce4102c04094ec6076d61fcdbb53bdb01e8e401fbeeab42e667cc7778. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Quakbot

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	154bb70ce4102c04094ec6076d61fcdbb53bdb01e8e401fbeeab42e667cc7778
SHA3-384 hash:	1631cdb52544c1cd1d2adf5d2b46d6e13eaeb31424c931d7e6792a4b17ae2dbcfaadfccb094b40477bedf591f04cce8f
SHA1 hash:	f129ba34313f97f973d1ed7df6df69e383428d5c
MD5 hash:	70fea7d5e2aee066022e34afd14fe251
humanhash:	echo-pasta-ohio-finch
File name:	70fea7d5e2aee066022e34afd14fe251.dll
Download:	download sample
Signature	Quakbot Create hunting rule
File size:	1'472'260 bytes
First seen:	2021-05-05 13:32:54 UTC
Last seen:	2021-05-05 15:17:41 UTC
File type:	dll
MIME type:	application/x-dosexec
imphash	413398ffac649594b2b53c025e6614ac (8 x Quakbot)
ssdeep	24576:LAboz/I6budWhdq9EROsB3OPh1tWVJFgQbpXLGmw5h:sbeeGRuPPu7Uh
Threatray	1'374 similar samples on MalwareBazaar
TLSH	64657C31B1D2C437D473267C9D6BA29D982A7D111E28985B7AE40F4CDF3A6803E2D2D7
Reporter	abuse_ch
Tags:	dll Quakbot

Intelligence

File Origin

# of uploads :

# of downloads :

112

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/150648/

Detection(s):

SecuriteInfo.com.Trojan.Inject4.10522.24170.16439.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Sending a UDP request

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/154bb70ce4102c04094ec6076d61fcdbb53bdb01e8e401fbeeab42e667cc7778/

Threat name:

Win32.Trojan.PinkSbot

Status:

Malicious

First seen:

2021-05-05 09:28:51 UTC

AV detection:

32 of 43 (74.42%)

Threat level:

5/5

Verdict:

malicious

Label(s):

qakbot

Result

Malware family:

qakbot

Score:

10/10

Tags:

family:qakbot banker stealer trojan

Link:

https://tria.ge/reports/210505-2d2lts76s6/

Behaviour

Suspicious use of WriteProcessMemory

Qakbot/Qbot

Unpacked files

SH256 hash:

7619461407e44e26ce67a2e58efc5a623fc7fdc9405c6c34bfbb2dc1bf2dd979

MD5 hash:

94d588e7ff85acad0eedfc597351b035

SHA1 hash:

f8eea0c88aa6ab4b45e0a6d8febfbf09d6a2402a

Detections:

win_qakbot_auto

Link:

https://www.unpac.me/results/acbf3a68-b628-410c-9484-43a7ea19452e/

SH256 hash:

154bb70ce4102c04094ec6076d61fcdbb53bdb01e8e401fbeeab42e667cc7778

MD5 hash:

70fea7d5e2aee066022e34afd14fe251

SHA1 hash:

f129ba34313f97f973d1ed7df6df69e383428d5c

Link:

https://www.unpac.me/results/acbf3a68-b628-410c-9484-43a7ea19452e/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/154bb70ce4102c04094ec6076d61fcdbb53bdb01e8e401fbeeab42e667cc7778

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Quakbot

DLL dll 154bb70ce4102c04094ec6076d61fcdbb53bdb01e8e401fbeeab42e667cc7778

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/1107438/

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/150648/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample