MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 224b3d58500a108f6e4eaaf685bfe9c7d01e4a7e6d29cd271938ef2471ea963a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Quakbot
Vendor detections: 8
| Field | Value |
|---|---|
| SHA256 hash: | 224b3d58500a108f6e4eaaf685bfe9c7d01e4a7e6d29cd271938ef2471ea963a |
| SHA3-384 hash: | ceefe840dbedd05527c8fd587445f6cec40c4ca729436a9d26b1177ed8533c36c862daa7c943c830a22fcc05cfbd2ef1 |
| SHA1 hash: | 1b341708f0f16b4d69fd2564e2fbbb982693749a |
| MD5 hash: | 775c5d7c669b04a24ac9eeb8e58dd382 |
| humanhash: | sixteen-item-glucose-texas |
| File name: | 224b3d58500a108f6e4eaaf685bfe9c7d01e4a7e6d29cd271938ef2471ea963a |
| Signature: | Quakbot |
| File size: | 826'952 bytes |
| First seen: | 2022-02-14 17:14:25 UTC |
| Last seen: | Never |
| MIME type: | application/x-dosexec |
| imphash: | d8b6fe98d2b0a8d6f73ca1ea92363dc6 (4 x Quakbot) |
| ssdeep: | 24576:g74I8i4ZOpi+cQcFRnb9lgo+1TAaKBsXg:5i4ZYi+cQcFRb4o+1TAaKBsX |
| Threatray: | 1 similar samples on MalwareBazaar |
| TLSH: | T1A1050A9DA3D01ACEF1DA28BC761823D90F960FF10A7EA073E1132C8516B51F94E66B57 |
| Tags: | dll Qakbot Quakbot tr |
Intelligence
File Origin
# of uploads: 1
# of downloads: 178
Origin country: n/a
Vendor Threat Intelligence
Detection: n/a
Result
Verdict: Malware
Maliciousness:
Behaviour:
- Searching for the window
- Launching a process
- Creating a process with a hidden window
- Creating a window
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: overlay
Result
Verdict: MALICIOUS
Details
Windows PE Executable: Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict: Unknown
Threat name: Win32.Trojan.BotX
Status: Malicious
First seen: 2022-02-14 17:15:11 UTC
File type: PE (Dll)
Extracted files: 1
AV detection: 24 of 28 (85.71%)
Threat level: 5/5
Verdict: malicious
Label(s): qakbot
Result
Malware family: qakbot
Score: 10/10
Tags: family:qakbot botnet:tr campaign:1644572561 banker evasion stealer trojan
Behaviour:
- Creates scheduled task(s)
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
- Drops file in Windows directory
- Loads dropped DLL
- Qakbot/Qbot
- Windows security bypass
Malware Config
C2 Extraction:
Unpacked files

| SHA256 hash | MD5 hash | SHA1 hash |
|---|---|---|
| ac7bc57a751a62e1a4093de927ba59eb5bd1c5176f80a5e6de136941559a0fde | 680126503ad184c8225f04eff50eea58 | ce44bea3df13c42c857d3813976c48b318263d26 |
| 1a0c09bb5f2ed0f38e1fd73a07c6e4051a2f2491c455f390dba0c486bc9e73f1 | 4427cc8ddde527d53b7a663360cadcf4 | 8c11f52cdfdc806bd845bfb811a1eca8f402fabc |
| 224b3d58500a108f6e4eaaf685bfe9c7d01e4a7e6d29cd271938ef2471ea963a | 775c5d7c669b04a24ac9eeb8e58dd382 | 1b341708f0f16b4d69fd2564e2fbbb982693749a |
Please note that we are no longer able to provide a coverage score for VirusTotal.
Threat name: Malicious File
Score: 1.00
File information
The table below shows additional information about this malware sample such as delivery method and external references.