MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1b1a6b891687bea71774e3f1776b73fee79602f960eb9cae891ad2c5acb277cf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Quakbot


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1b1a6b891687bea71774e3f1776b73fee79602f960eb9cae891ad2c5acb277cf
SHA3-384 hash: b0b781052bc16cbd2e58630b90508b5da7f1fe41b614c39663e0f61400a0eb4ea6ea844efde537dc61dd483c6b78fc33
SHA1 hash: 0ebcef14cd6dd4b91ece3af089b46eb0d8b2944c
MD5 hash: e64839d5ad542e22f9562ea492080e3e
humanhash: johnny-timing-diet-carpet
File name:17129.dat
Download: download sample
Signature Quakbot
Create hunting rule
File size:656'056 bytes
First seen:2023-02-01 14:15:06 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash ba10210792cf2849761b9bb94eae1772 (8 x Quakbot)
ssdeep 12288:QljQRl3iZwl3JBrySD9CkkgC28DWl0RJK2LgAN4c1DJ92trs1tTe3+uZ:Q9WZiZCCMCkkBRDeSjcjc1DJ92ts1tyJ
TLSH T1C8D48D11EA4398BACD5713714223F72F1739E7A0A43ACBCBD99C2C29DD139D1B64970A
TrID 29.0% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
18.5% (.EXE) Win64 Executable (generic) (10523/12/4)
11.5% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
9.7% (.FON) Windows Font (5545/9/1)
8.8% (.EXE) Win16 NE executable (generic) (5038/12/1)
Reporter Anonymous
Tags:dll Quakbot


Avatar
Anonymous
http://141.164.35.94/17129.dat

Intelligence

File Origin
# of uploads :
1
# of downloads :
189
Origin country :
CH CH
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/359013/
Result
Verdict:
Clean
Maliciousness:
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
spyeye
Link:
https://www.filescan.io/uploads/63da7424447edb203a0261f9/reports/3e74175c-f131-45dc-ba65-84c3a6e9cfb9/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/556c018e-e188-468d-8a3a-b59bef20fa6a
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/1163250
Signature
Sigma detected: Execute DLL with spoofed extension
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 796009 Sample: 17129.dat.dll Startdate: 01/02/2023 Architecture: WINDOWS Score: 48 35 Sigma detected: Execute DLL with spoofed extension 2->35 8 loaddll32.exe 1 2->8         started        process3 process4 10 rundll32.exe 8->10         started        12 rundll32.exe 8->12         started        14 cmd.exe 1 8->14         started        16 7 other processes 8->16 process5 18 WerFault.exe 9 10->18         started        21 WerFault.exe 9 12->21         started        23 rundll32.exe 14->23         started        25 WerFault.exe 11 16->25         started        27 WerFault.exe 9 16->27         started        29 WerFault.exe 20 9 16->29         started        dnsIp6 33 192.168.2.1 unknown unknown 18->33 31 conhost.exe 21->31         started        process7
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1b1a6b891687bea71774e3f1776b73fee79602f960eb9cae891ad2c5acb277cf/
Threat name:
Win32.Backdoor.Quakbot
Create hunting rule
Status:
Malicious
First seen:
2023-02-01 14:16:08 UTC
File Type:
PE (Dll)
AV detection:
10 of 26 (38.46%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=dmngxciwq67kof3u4pyxo23t73tzmaxzmdvzzlujdljmllfso7hq._file
Verdict:
malicious
Label(s):
qakbot
Create hunting rule
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/230201-rk5mlsaa45/
Behaviour
Suspicious use of WriteProcessMemory
Unpacked files
SH256 hash:
1b1a6b891687bea71774e3f1776b73fee79602f960eb9cae891ad2c5acb277cf
MD5 hash:
e64839d5ad542e22f9562ea492080e3e
SHA1 hash:
0ebcef14cd6dd4b91ece3af089b46eb0d8b2944c
Link:
https://www.unpac.me/results/bf5b7a6c-d7c7-42bc-b55b-508becc43ae4/
Malware family:
QBot
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/1b1a6b891687/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.16
Link:
https://yomi.yoroi.company/submissions/1b1a6b891687bea71774e3f1776b73fee79602f960eb9cae891ad2c5acb277cf

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Quakbot

DLL dll 1b1a6b891687bea71774e3f1776b73fee79602f960eb9cae891ad2c5acb277cf

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/359013/

Comments