MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 16a7669fb295872d866b35e8d534b50ff537ec8fa2831cef5eba034e711fc080. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Quakbot


Vendor detections: 6



SHA256 hash: 16a7669fb295872d866b35e8d534b50ff537ec8fa2831cef5eba034e711fc080
SHA3-384 hash: abef5b7ece4dca74e80052136cf8be93ef135e879cb8a96e4fe5c711758a1c216f0713e3bd74c8fd0075b50bab9badcb
SHA1 hash: 8f85885853b5f488437834025872af9a778af038
MD5 hash: 9106f6e91fc66ca35dc62a259112f7a0
humanhash: sierra-johnny-kitten-may
File name: 9106f6e91fc66ca35dc62a259112f7a0.dll
Signature: Quakbot
File size: 1'350'795 bytes
First seen: 2021-04-15 14:59:22 UTC
Last seen: 2021-04-15 15:51:24 UTC
File type: dll
MIME type: application/x-dosexec
imphash: 413398ffac649594b2b53c025e6614ac (8 x Quakbot)
ssdeep: 24576:LAboz/I6budWhdq9EROsB3OPh1tWVJFgQbpXLGeQ:sbeeGRuPPulQ
Threatray: 93 similar samples on MalwareBazaar
TLSH: D2556B31B1D2C437D473367C8D6BE2D8946A7D111D29D91A3AD50E4CCFBAA80393E29B
Reporter: abuse_ch
Tags: dll, Quakbot

Intelligence


File Origin
# of uploads: 2
# of downloads: 82
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Sending a UDP request
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Backdoor.Quakbot
Status: Malicious
First seen: 2021-04-13 22:25:43 UTC
AV detection: 20 of 29 (68.97%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
Suspicious use of WriteProcessMemory
Unpacked files
SHA256 hash: 16a7669fb295872d866b35e8d534b50ff537ec8fa2831cef5eba034e711fc080
MD5 hash: 9106f6e91fc66ca35dc62a259112f7a0
SHA1 hash: 8f85885853b5f488437834025872af9a778af038
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery chain: Web download, then Quakbot DLL 16a7669fb295872d866b35e8d534b50ff537ec8fa2831cef5eba034e711fc080 (this sample)

Delivery method: Distributed via web download
