MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1dce0c1c728a8993702d7898a3711f8a771ae65c732f07572b70118e989b9682. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Quakbot

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	1dce0c1c728a8993702d7898a3711f8a771ae65c732f07572b70118e989b9682
SHA3-384 hash:	6e6fd8a7f6d688b21bcd1e4dcc45efd7a7bb72eed5049aa5cdeb17c04eab8fbccb454e38909a96d7443e2808428dc35a
SHA1 hash:	b7faa1c3b9ad338277aeaa1e55e03b83bf5dd6db
MD5 hash:	a4337e38a3e4db72857ae4549bc39793
humanhash:	carolina-wyoming-tennessee-stairway
File name:	trotaamepu.zip
Download:	download sample
Signature	Quakbot Create hunting rule
File size:	1'086'159 bytes
First seen:	2022-04-14 13:17:53 UTC
Last seen:	Never
File type:	zip
MIME type:	application/zip
ssdeep	24576:ScjnS2yeLgkzVOEgd+seltYM1bLk6qzbuuqmSK/lfO/hwBeGR6f5/:S/2yFagdupLCdqmP/lfOlGsf5/
TLSH	T19735330D12843B75E37C5D9023223018E2DAFA75B615E06AB5FD4BA6C16BDD2C9342FB
TrID	80.0% (.ZIP) ZIP compressed archive (4000/1) 20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter	Anonymous
Tags:	zip

Intelligence

File Origin

# of uploads :

1

# of downloads :

216

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

TwinWave.EvilDoc.DataopWereSendingYouBack.220331.UNOFFICIAL

TwinWave.EvilDoc.XLSBLOLBINHammerToFall.20210414.UNOFFICIAL

Result

Verdict:

Malicious

File Type:

OOXML Excel File with Excel4Macro

Link:

https://app.docguard.net/1dce0c1c728a8993702d7898a3711f8a771ae65c732f07572b70118e989b9682/results/dashboard

Payload URLs

URL

File name

http://uri.etsi.org/01903#SignedProperties

sig1.xml

Document image

Image:

Verdict:

No Threat

Threat level:

10/10

Confidence:

100%

Link:

https://www.filescan.io/uploads/62581f0effe27d5119ce7997/reports/9d697309-6ec0-4335-99d1-71d0e3f6a329/overview

Result

Verdict:

MALICIOUS

Link:

https://labs.inquest.net/dfi/sha256/1dce0c1c728a8993702d7898a3711f8a771ae65c732f07572b70118e989b9682

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/1dce0c1c728a8993702d7898a3711f8a771ae65c732f07572b70118e989b9682/

Threat name:

Document-Office.Trojan.Heuristic

Status:

Malicious

First seen:

2022-04-14 13:18:10 UTC

File Type:

Binary (Archive)

Extracted files:

97

AV detection:

4 of 42 (9.52%)

Threat level:

2/5

Result

Malware family:

n/a

Score:

10/10

Tags:

n/a

Link:

https://tria.ge/reports/220414-qjx1psdda8/

Behaviour

Checks processor information in registry

Enumerates system info in registry

Modifies Internet Explorer settings

Modifies registry class

Suspicious behavior: AddClipboardFormatListener

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Process spawned unexpected child process

Malware Config

Dropper Extraction:

http://rommify.net/Mm2cPksfn0/Dmnh.png
http://c-logistica.com/qS4NKRYI/Dmnh.png
http://mhdti.com/e03BksINQKc/Dmnh.png

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

0.74

Link:

https://yomi.yoroi.company/submissions/1dce0c1c728a8993702d7898a3711f8a771ae65c732f07572b70118e989b9682

File information

The table below shows additional information about this malware sample such as delivery method and external references.

zip 1dce0c1c728a8993702d7898a3711f8a771ae65c732f07572b70118e989b9682

(this sample)

xlsx 275ad5eabe9fbc6b8752f97ef64d75211c86e49d29de67875de061813fc6162a

Link

https://hydroteckindia.com/eg/trotaamepu

Dropping

MD5 4aebbc615fbe8c8ca4ebc764aff7dd99

Delivery method

Distributed via e-mail link

Dropping

SHA256 275ad5eabe9fbc6b8752f97ef64d75211c86e49d29de67875de061813fc6162a

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample