MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1e363955ad23b167d6c55454671e59864c31c9f98b8a25997c29ae9b70166d42. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Quakbot


Vendor detections: 6



SHA256 hash: 1e363955ad23b167d6c55454671e59864c31c9f98b8a25997c29ae9b70166d42
SHA3-384 hash: 2b22cdda65c2524b71105564ae670dc2be156f4ec389b3d2b000eaa13132f32465a5221bba3d75d772eb8e0230153042
SHA1 hash: 5f54cac3bb1694dd272a72826e285a79e1bffd9f
MD5 hash: 74f18dee89b7103f1c3286f326323fcc
humanhash: burger-quebec-virginia-cold
File name: Summary_23227255_12192022.pdf
Signature: Quakbot
File size: 113'220 bytes
First seen: 2022-12-19 23:19:01 UTC
Last seen: Never
File type: pdf
MIME type: application/pdf
ssdeep: 3072:UYfR6PHFkOvzke5TpVZ9VQ+J0YlrFaH9DAXF:UYfRiHFk4zZRpV9X9lfV
TLSH: T15BB301B3EDBB266C6EC0B7B92E63A6C612C02B574C441F6C18F93E077690159ED35613
Reporter: pr0xylife
Tags: obama230 pdf Qakbot Quakbot

Intelligence


File Origin
# of uploads: 1
# of downloads: 366
Origin country: CL

Vendor Threat Intelligence

Label: Malicious
Suspicious Score: 9.6/10
Score Malicious: 97%
Score Benign: 3%

Result
Verdict: UNKNOWN
Details:
Document With Few Pages: Document contains between one and three pages of content. Most malicious documents are sparse in page count.
IPv4 Dotted Quad URL: A URL was detected referencing a direct IP address, as opposed to a domain name.
Document With Minimal Content: Document contains less than 1 kilobyte of semantic information.

Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 60 / 100
Signature:
Antivirus detection for URL or domain
Clickable URLs found in PDF pointing to potentially malicious files
Multi AV Scanner detection for domain / URL

Behaviour
Behavior Graph: [graph not reproduced] ID: 770313; Sample: Summary_23227255_12192022.pdf; Start date: 20/12/2022; Architecture: WINDOWS; Score: 60. Processes shown: AcroRd32.exe, chrome.exe, RdrCEF.exe, unarchiver.exe, 7za.exe, conhost.exe.
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments