MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1df8d420198c7997c2e0bf9b63d74661ab21a0a9d5826d1b20deb2ece536cf80. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Quakbot

Vendor detections: 8

SHA256 hash: 1df8d420198c7997c2e0bf9b63d74661ab21a0a9d5826d1b20deb2ece536cf80
SHA3-384 hash: 4a1480d1374af751a24a562287ee6feaa551e1163ba91097a5f9a2f3176e1173af7b18652bd06e7e2056b5f7dab3fc00
SHA1 hash: 48d33e1ded8d73ba7b89a2c752af9383aabf6719
MD5 hash: e8726819a02ece11b8b9a13bd4e6fd7d
humanhash: jig-muppet-ohio-eighteen
File name: 1df8d420198c7997c2e0bf9b63d74661ab21a0a9d5826d1b20deb2ece536cf80
Signature: Quakbot
File size: 1'330'401 bytes
First seen: 2022-02-21 15:45:01 UTC
Last seen: 2022-02-21 18:19:14 UTC
File type: DLL
MIME type: application/x-dosexec
imphash: dcddb19dd38b423a228ad3b73e09198b (1 x Quakbot)
ssdeep: 24576:qXCJ8yWPDsINRzKVBnLS0ocUqhvomREUgrXrFkK22bF:q+ZSzyBLS0oa1jREUgrBkmb
Threatray: 36 similar samples on MalwareBazaar
TLSH: T12A55BF31B2A1647FC1733B789D2BA1D59C34BE116D24EC8D77D91F5E0E392422B212AE
dhash icon: 399998ecd4d46c0e (572 x Quakbot, 137 x ArkeiStealer, 82 x GCleaner)
Reporter: malwarelabnet
Tags: dll Qakbot Quakbot tr

Intelligence

File Origin
# of uploads: 2
# of downloads: 167
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:
Behaviour
Creating synchronization primitives
Launching a process
Searching for synchronization primitives
Creating a window
Unauthorized injection to a system process
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: control.exe explorer.exe greyware hacktool keylogger overlay packed
Result
Verdict: UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Threat name: Win32.Trojan.QBot
Status: Malicious
First seen: 2022-02-21 15:45:20 UTC
File Type: PE (Dll)
Extracted files: 114
AV detection: 20 of 28 (71.43%)
Threat level: 5/5
Result
Malware family:
Score: 10/10
Tags: family:qakbot botnet:tr campaign:1645202988 banker evasion stealer trojan
Behaviour
Checks processor information in registry
Creates scheduled task(s)
Enumerates system info in registry
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Drops file in Windows directory
Loads dropped DLL
Qakbot/Qbot
Suspicious use of NtCreateProcessExOtherParentProcess
Windows security bypass
Malware Config
C2 Extraction:
Unpacked files
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments