MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1dce0c1c728a8993702d7898a3711f8a771ae65c732f07572b70118e989b9682. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Quakbot

Vendor detections: 6

SHA256 hash: 1dce0c1c728a8993702d7898a3711f8a771ae65c732f07572b70118e989b9682
SHA3-384 hash: 6e6fd8a7f6d688b21bcd1e4dcc45efd7a7bb72eed5049aa5cdeb17c04eab8fbccb454e38909a96d7443e2808428dc35a
SHA1 hash: b7faa1c3b9ad338277aeaa1e55e03b83bf5dd6db
MD5 hash: a4337e38a3e4db72857ae4549bc39793
humanhash: carolina-wyoming-tennessee-stairway
File name: trotaamepu.zip
Signature: Quakbot
File size: 1'086'159 bytes
First seen: 2022-04-14 13:17:53 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 24576:ScjnS2yeLgkzVOEgd+seltYM1bLk6qzbuuqmSK/lfO/hwBeGR6f5/:S/2yFagdupLCdqmP/lfOlGsf5/
TLSH: T19735330D12843B75E37C5D9023223018E2DAFA75B615E06AB5FD4BA6C16BDD2C9342FB
TrID: 80.0% (.ZIP) ZIP compressed archive (4000/1)
      20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter: Anonymous
Tags: zip

Intelligence

File Origin
# of uploads: 1
# of downloads: 216
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Malicious
File Type: OOXML Excel File with Excel4Macro
Payload URLs:
  URL: http://uri.etsi.org/01903#SignedProperties
  File name: sig1.xml

Threat name: Document-Office.Trojan.Heuristic
Status: Malicious
First seen: 2022-04-14 13:18:10 UTC
File Type: Binary (Archive)
Extracted files: 97
AV detection: 4 of 42 (9.52%)
Threat level: 2/5

Result
Malware family: n/a
Score: 10/10
Tags: n/a
Behaviour
Checks processor information in registry
Enumerates system info in registry
Modifies Internet Explorer settings
Modifies registry class
Suspicious behavior: AddClipboardFormatListener
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Process spawned unexpected child process
Malware Config
Dropper Extraction:
http://rommify.net/Mm2cPksfn0/Dmnh.png
http://c-logistica.com/qS4NKRYI/Dmnh.png
http://mhdti.com/e03BksINQKc/Dmnh.png
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Quakbot
zip 1dce0c1c728a8993702d7898a3711f8a771ae65c732f07572b70118e989b9682 (this sample)

Delivery method: Distributed via e-mail link
