MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 199e0fe45d95b255e25cfefd21f9689396bb925493cbccc3951c1c2414fe8e31. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Quakbot
Vendor detections: 6

SHA256 hash: 199e0fe45d95b255e25cfefd21f9689396bb925493cbccc3951c1c2414fe8e31
SHA3-384 hash: a51d3069cc59b1be96693e7a8cd42786afe9ff65bc7e449e3bd5a575992ad60eec0b858bd399c1f2f6be5fdd00f76ada
SHA1 hash: e9e10cd172e6b393e45485872e43ceaa072537aa
MD5 hash: e085d7155cf7d71497c5d805a2ef4e74
humanhash: fifteen-north-romeo-two
File name: Accounting#1737.iso
Signature: Quakbot
File size: 1'454'080 bytes
First seen: 2022-09-27 17:07:57 UTC
Last seen: Never
File type: iso
MIME type: application/x-iso9660-image
ssdeep: 24576:CVPl57rJCnz6zTz+qAl5w9MAqsdjcMGz:ChtOqPHcM
TLSH: T13D659D33A3904537C573263DAC2FA3A4992ABE103E38595A3EE81D4C1F365917D392E7
TrID: 99.0% (.NULL) null bytes (2048000/1)
      0.3% (.GL) GRASP animation (6509/7/3)
      0.2% (.ISO) ISO 9660 CD image (5100/59/2)
      0.2% (.ATN) Photoshop Action (5007/6/1)
      0.0% (.BIN/MACBIN) MacBinary 1 (1033/5)
Reporter: pr0xylife
Tags: 1664292185 BB iso Qakbot Quakbot

Intelligence


File Origin
# of uploads: 1
# of downloads: 363
Origin country: n/a
Vendor Threat Intelligence

Result
Verdict: No Threat
Threat level: 2/10
Confidence: 100%
Tags: masquerade

Result
Verdict: MALICIOUS
Threat name: Shortcut.Trojan.Jaik
Status: Malicious
First seen: 2022-09-27 17:08:11 UTC
File type: Binary (Archive)
Extracted files: 78
AV detection: 8 of 39 (20.51%)
Threat level: 5/5

Result
Malware family:
Score: 10/10
Tags: family:qakbot botnet:bb campaign:1664292185 banker stealer trojan
Behaviour: Enumerates physical storage devices
Malware Config, C2 extraction (IP:port):
212.102.56.47:443
189.189.89.32:443
85.245.143.94:443
110.238.39.214:443
185.233.79.238:995
85.94.178.73:995
193.3.19.137:443
193.254.32.156:443
154.237.49.4:995
41.104.77.244:443
181.206.46.7:443
186.16.163.94:443
75.71.96.226:995
179.111.23.186:32101
41.97.65.83:443
41.105.89.30:443
85.86.242.245:443
181.105.32.5:443
197.41.235.69:995
103.173.121.17:443
41.99.36.158:443
49.205.197.13:443
41.227.228.31:443
197.203.145.251:443
41.249.123.100:995
41.69.236.243:995
197.160.22.10:443
134.35.12.64:443
217.165.146.223:993
113.170.223.53:443
118.174.89.216:443
160.177.207.113:8443
41.107.112.236:995
105.96.207.25:443
The vendor results above disagree: one engine reports No Threat at 2/10 with 100% confidence, while the other two rate the sample Malicious (5/5 and 10/10), and the AV detection rate when the sample was first scanned was 8 of 39. Treat the single clean verdict on this container file with caution accordingly.

Please note that we are no longer able to provide a coverage score for VirusTotal.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These rules are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps those samples may create. Please note that only results from TLP:CLEAR rules are displayed.

Rule name: iso_lnk
Author: tdawg

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments