MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 23dfa98dc0b37502bfc20df6154d83dc07d15c7a9980db8f0cf6d5963a997ee6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Quakbot
Vendor detections: 4
| SHA256 hash: | 23dfa98dc0b37502bfc20df6154d83dc07d15c7a9980db8f0cf6d5963a997ee6 |
|---|---|
| SHA3-384 hash: | f6cce89b3913f57d55ac05158364d5c65e400cf5717b90d8d1bd5d86f1855f28da914d6466a746a542fcc7897699b08e |
| SHA1 hash: | 7e816b084dcb76965221e404fa33d341e44b21f6 |
| MD5 hash: | bb1eeee72d77f525317319bf9c08767e |
| humanhash: | tennis-maine-rugby-mango |
| File name: | D1582094277.zip |
| Download: | download sample |
| Signature | Quakbot |
| File size: | 884'105 bytes |
| First seen: | 2022-10-31 12:14:46 UTC |
| Last seen: | Never |
| File type: | zip |
| MIME type: | application/zip |
| Note: | This file is a password protected archive. The password is: BV1 |
| ssdeep | 24576:s1kliqg/vvVZd7/zVIZlQKjJ1Zt47pEuBg8L:zoNvPx/zOzQKSppBH |
| TLSH | T1DE1533ECC14450AFECDD3BAFC21032EB64A3CD495330CD9DEA565B18AA8595B74D2A70 |
| TrID | 80.0% (.ZIP) ZIP compressed archive (4000/1) 20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1) |
| Reporter |  pr0xylife |
| Tags: | 1667208557 BB05 BV1 Qakbot Quakbot zip |
Intelligence
File Origin
# of uploads :
1
# of downloads :
400
Origin country :
n/a
File Archive Information
This file is a password protected archive. The password is: BV1
This file archive contains 86 file(s), sorted by their relevance:
| File name: | FORWARDG.bmp |
|---|---|
| File size: | 230 bytes |
| SHA256 hash: | d4c88a00fa363908e23d297d923c6b302506e88f0475a75c7cbc01cc8a2aa9ff |
| MD5 hash: | c983b0dc186675ade025a6a8a897ff0d |
| MIME type: | image/bmp |
| Signature | Quakbot |
| File name: | 6 |
|---|---|
| File size: | 308 bytes |
| SHA256 hash: | 11726dcf1eebe23a1df5eb0ee2af39196b702eddd69083d646e4475335130b28 |
| MD5 hash: | 5ca217e52bdc6f23b43c7b6a23171e6e |
| MIME type: | application/octet-stream |
| Signature | Quakbot |
| File name: | DIMMOVE |
|---|---|
| File size: | 20 bytes |
| SHA256 hash: | ec26c438d10e3e84ec855c47f07a176e6c11bbfae1557d526490711b80f087fe |
| MD5 hash: | b3dbdfe1835416bbc3f5065baca9aca9 |
| MIME type: | application/vnd.lotus-1-2-3 |
| Signature | Quakbot |
| File name: | 32763 |
|---|---|
| File size: | 20 bytes |
| SHA256 hash: | 43f40dd5140804309a4c901ec3c85b54481316e67a6fe18beb9d5c0ce3a42c3a |
| MD5 hash: | 48e064acaba0088aa097b52394887587 |
| MIME type: | application/vnd.lotus-1-2-3 |
| Signature | Quakbot |
| File name: | MAINICON |
|---|---|
| File size: | 20 bytes |
| SHA256 hash: | ff04c16f07007618c7723eb538f879f89e297950bfa77ed55d1a19776f312a37 |
| MD5 hash: | 59517c0a5976f364558b42dbb1cabbc8 |
| MIME type: | application/octet-stream |
| Signature | Quakbot |
| File name: | 7 |
|---|---|
| File size: | 308 bytes |
| SHA256 hash: | 6f938aab0a03120de4ef8b27aff6ba5146226c92a056a6f04e5ec8d513ce5f9d |
| MD5 hash: | 6be7031995bb891cb8a787b9052f6069 |
| MIME type: | application/octet-stream |
| Signature | Quakbot |
| File name: | 32761 |
|---|---|
| File size: | 20 bytes |
| SHA256 hash: | 9c17b4621412d6ded24a76aed74d4425ae61f86b6d4092ca1e28ca66b7c71399 |
| MD5 hash: | ebb32ed08b06ab16f79c997b7963c57c |
| MIME type: | application/vnd.lotus-1-2-3 |
| Signature | Quakbot |
| File name: | 4096 |
|---|---|
| File size: | 852 bytes |
| SHA256 hash: | 4d166a3dfd72b0f6da1ce32da1665ab3cd626298150bda7419191e22984cc148 |
| MD5 hash: | 65aa395bdb9cbbea647a7d25b59c2b6e |
| MIME type: | application/octet-stream |
| Signature | Quakbot |
| File name: | 4068 |
|---|---|
| File size: | 1'236 bytes |
| SHA256 hash: | 5a3d03fff5fc25e88058fbe2333fc433fd1dd26c43295ed4b7a77ed23a603a55 |
| MD5 hash: | efec81d05c0895208ab7a3188ff2db71 |
| MIME type: | application/octet-stream |
| Signature | Quakbot |
| File name: | TPM |
|---|---|
| File size: | 450 bytes |
| SHA256 hash: | 3b635bbb46d5a69a4a396980003ca308ef60b37ac0233cb343ae17fc14c9d8ec |
| MD5 hash: | 93800257f5302923011429851deea370 |
| MIME type: | application/octet-stream |
| Signature | Quakbot |
| File name: | BBIGNORE.bmp |
|---|---|
| File size: | 478 bytes |
| SHA256 hash: | ffb3db09da629fdfcf68d460016829a64acb62faea57c44853284fc295fd9e39 |
| MD5 hash: | 537bbb784734d9293bc1479985f149b4 |
| MIME type: | image/bmp |
| Signature | Quakbot |
| File name: | 4073 |
|---|---|
| File size: | 1'492 bytes |
| SHA256 hash: | cca37c48022ba0373b2fcaac477fc17595011b385924b51aba848f49a84f56cc |
| MD5 hash: | 281d1f91ba4c639b3a1de0b20b573d68 |
| MIME type: | application/octet-stream |
| Signature | Quakbot |
| File name: | 4074 |
|---|---|
| File size: | 924 bytes |
| SHA256 hash: | 297ff05ae415740520df4878dc7ff723f9fc5ac234506fca86ff2f73fe38ff89 |
| MD5 hash: | 2138470a848bee74991a5dffff8e7220 |
| MIME type: | application/octet-stream |
| Signature | Quakbot |
| File name: | 32766 |
|---|---|
| File size: | 20 bytes |
| SHA256 hash: | 6e1e7738a1b6373d8829f817915822ef415a1727bb5bb7cfe809e31b3c143ac5 |
| MD5 hash: | dcaa3c032fe97281b125d0d8f677c219 |
| MIME type: | application/vnd.lotus-1-2-3 |
| Signature | Quakbot |
| File name: | BBALL.bmp |
|---|---|
| File size: | 498 bytes |
| SHA256 hash: | 3b955a8390543262469dd6137117aeedca29f3932283d4e97755ac7e6b1cef2b |
| MD5 hash: | 2e1636dc1205967b87e0a48ca4374160 |
| MIME type: | image/bmp |
| Signature | Quakbot |
| File name: | 4081 |
|---|---|
| File size: | 1'360 bytes |
| SHA256 hash: | 95f9dd53ab00a1d125fe6a2141876363d1a01a42999ebd937096cfb403389698 |
| MD5 hash: | 8b6ca6e1ad7bf77963bc67cebc1bface |
| MIME type: | application/octet-stream |
| Signature | Quakbot |
| File name: | 4075 |
|---|---|
| File size: | 1'164 bytes |
| SHA256 hash: | 0431d271e61d12c1c96296788b0fa630cd155b65a8e3f664233303ab642d618d |
| MD5 hash: | dc8bfd499cd94cbf09d06d9822366dbf |
| MIME type: | application/octet-stream |
| Signature | Quakbot |
| File name: | 4086 |
|---|---|
| File size: | 1'072 bytes |
| SHA256 hash: | 2e9560d8af34241d3438503a4b158affc4378d5e5f1cdf118c9d6a3f0e76283f |
| MD5 hash: | 84e4b5aee6f45f873c7110aefd7718a6 |
| MIME type: | application/octet-stream |
| Signature | Quakbot |
| File name: | 4082 |
|---|---|
| File size: | 1'144 bytes |
| SHA256 hash: | 629a74dc7839aa9023cde41bba06697387466b23309bb9e3d0d00969a1f0ca8b |
| MD5 hash: | ff315b52c2288340edc7175cd702cc02 |
| MIME type: | application/x-stargallery-thm |
| Signature | Quakbot |
| File name: | B |
|---|---|
| File size: | 5'666 bytes |
| SHA256 hash: | 6c77f68680bf255fbf6e409af3ecbdd5198eb8c7f2ae1e920b637931dbaac8b1 |
| MD5 hash: | fbd22ede17bfefa90784e8a88bef2fbb |
| MIME type: | application/octet-stream |
| Signature | Quakbot |
| File name: | BBNO.bmp |
|---|---|
| File size: | 478 bytes |
| SHA256 hash: | e39534aff450ccb61d730b90ea3b4788957f3dad513051f3cc99306ea4f5962f |
| MD5 hash: | d8d28d4ed4389cc7315274f7f5fe8717 |
| MIME type: | image/bmp |
| Signature | Quakbot |
| File name: | 5 |
|---|---|
| File size: | 308 bytes |
| SHA256 hash: | 99676c52310db365580965ea646ece86c62951bfd97ec0aae9f738a202a90593 |
| MD5 hash: | f321ad13d1c3f35a05d67773b4bc27d6 |
| MIME type: | application/octet-stream |
| Signature | Quakbot |
| File name: | 4077 |
|---|---|
| File size: | 1'200 bytes |
| SHA256 hash: | a04451d9c5ba0d4582214deb82ce8cf4ee12bbfae7fbc9664da15c8ae500373c |
| MD5 hash: | a52b53029d19bc04d9ddb7eb3c444beb |
| MIME type: | application/octet-stream |
| Signature | Quakbot |
| File name: | 4087 |
|---|---|
| File size: | 924 bytes |
| SHA256 hash: | d33b05bb93904bd0044018bbb2924d9bbee120ca6b4ab1f890daa4054d567c98 |
| MD5 hash: | 1b3d0a7de46ed79491a62bbb3ce39864 |
| MIME type: | application/octet-stream |
| Signature | Quakbot |
| File name: | TCUSTOMIZEFRM |
|---|---|
| File size: | 6'419 bytes |
| SHA256 hash: | 2ca9132caf9bba2bef1346d1b3cdfc3f6f0aa7ac909d43339a5379f76dd9d014 |
| MD5 hash: | 1051e3ecdd5559e2f74dec6dc88b7f0e |
| MIME type: | application/octet-stream |
| Signature | Quakbot |
| File name: | BBOK.bmp |
|---|---|
| File size: | 478 bytes |
| SHA256 hash: | c35f78ea460e7d4d733f8f47f916be6436f1808c466cc0af10ace95ed5fb736c |
| MD5 hash: | 5f34f4622785bb3cbf03f4d25139c25f |
| MIME type: | image/bmp |
| Signature | Quakbot |
| File name: | 32765 |
|---|---|
| File size: | 20 bytes |
| SHA256 hash: | a0adcedb82b57089f64e2857f97cefd6cf25f4d27eefc6648bda83fd5fef66bb |
| MD5 hash: | 0893f6ba80d82936ebe7a8216546cd9a |
| MIME type: | application/vnd.lotus-1-2-3 |
| Signature | Quakbot |
| File name: | 32764 |
|---|---|
| File size: | 20 bytes |
| SHA256 hash: | ff47a48c11c234903a7d625cb8b62101909f735ad84266c98dd4834549452c39 |
| MD5 hash: | 1ae28d964ba1a2b1b73cd813a32d4b40 |
| MIME type: | application/vnd.lotus-1-2-3 |
| Signature | Quakbot |
| File name: | 4089 |
|---|---|
| File size: | 924 bytes |
| SHA256 hash: | b3f769c42750e668ead1cee74047a6f872bbcde9d2d9372a90ace0621ce84206 |
| MD5 hash: | f1efeced1abdf5c9d5909e322c919862 |
| MIME type: | application/octet-stream |
| Signature | Quakbot |
| File name: | 4091 |
|---|---|
| File size: | 236 bytes |
| SHA256 hash: | 26afa355a3a2ddfa48dc66f4b1a36a6427d76fc7c4879a257331e0a1549ea3b9 |
| MD5 hash: | 505601e39da20179c44757c61913506f |
| MIME type: | application/octet-stream |
| Signature | Quakbot |
| File name: | 32762 |
|---|---|
| File size: | 20 bytes |
| SHA256 hash: | b07e022f8ef0a8e5fd3f56986b2e5bf06df07054e9ea9177996b0a6c27d74d7c |
| MD5 hash: | aff0f5e372bd49ceb9f615b9a04c97df |
| MIME type: | application/vnd.lotus-1-2-3 |
| Signature | Quakbot |
| File name: | 4088 |
|---|---|
| File size: | 980 bytes |
| SHA256 hash: | 7ed529b939837d2af0b351397b64cb2641b8991ddbb724531fb691c81e4d34c7 |
| MD5 hash: | 1c911128fd38c92664e564fe7c2748b7 |
| MIME type: | application/octet-stream |
| Signature | Quakbot |
| File name: | 4095 |
|---|---|
| File size: | 764 bytes |
| SHA256 hash: | b6764bfcca8110bf12518f0c04d74c3e5c5d2b83bad0c55947c4a70cd20cbfc2 |
| MD5 hash: | f70e9c316c8b4e969172b418391d0708 |
| MIME type: | application/octet-stream |
| Signature | Quakbot |
| File name: | 4085 |
|---|---|
| File size: | 360 bytes |
| SHA256 hash: | 7bb30b12014a823d3d9076099d6d6cef008ad63168f9eaa9d8e70e6f83307048 |
| MD5 hash: | 6797ab2ec47c3e5ce0bd25bbc97698bb |
| MIME type: | application/octet-stream |
| Signature | Quakbot |
| File name: | 4069 |
|---|---|
| File size: | 1'172 bytes |
| SHA256 hash: | 241abb15a188c05662cb5b14e3a25a3b35710babe570894d2bd160b8193396b9 |
| MD5 hash: | 5f1f2b7a844d8569bc9292ec3dd42a06 |
| MIME type: | application/octet-stream |
| Signature | Quakbot |
| File name: | FORWARD.bmp |
|---|---|
| File size: | 230 bytes |
| SHA256 hash: | 8fa4d79ec217bf4e7b8ec5d185071dd948b6d6c5e8e3090d1fb79a009db54c4c |
| MD5 hash: | b7335b66c5309e2348ceb8ce2979b117 |
| MIME type: | image/bmp |
| Signature | Quakbot |
| File name: | 32767 |
|---|---|
| File size: | 20 bytes |
| SHA256 hash: | 326c048595bbc72e3f989cb3b95fbf09dc83739ced3cb13eb6f03336f95d74f1 |
| MD5 hash: | a95c7c78d0a0b30b87e3c4976e473508 |
| MIME type: | application/vnd.lotus-1-2-3 |
| Signature | Quakbot |
| File name: | HOMEG.bmp |
|---|---|
| File size: | 146 bytes |
| SHA256 hash: | b593c07089f9e1628e9d85523f8b081c78008c16df58ac6393fe399e9516701d |
| MD5 hash: | 153098b61028f186a68549c1b7005010 |
| MIME type: | image/bmp |
| Signature | Quakbot |
| File name: | 8 |
|---|---|
| File size: | 308 bytes |
| SHA256 hash: | 80b17da469f0fe1eb6440afcfebdfe3356e6c21c57c6750a9fec361999517197 |
| MD5 hash: | f7e7d644defe36c10cfaa68dbea0d9a7 |
| MIME type: | application/octet-stream |
| Signature | Quakbot |
| File name: | 4 |
|---|---|
| File size: | 308 bytes |
| SHA256 hash: | 9d9edf87ca203ecc60b246cc783d54218dd0ce77d3a025d0bafc580995a4abd8 |
| MD5 hash: | 9929115b21c2c59348058d4190392e75 |
| MIME type: | application/octet-stream |
| Signature | Quakbot |
| File name: | ROWS.bmp |
|---|---|
| File size: | 246 bytes |
| SHA256 hash: | 3a5a1c82be649cfe62103e3bf96561fd12bcdc50665134c74a1b8af2c68bef45 |
| MD5 hash: | c62a71ac35b607f00ee0a802d73acabd |
| MIME type: | image/bmp |
| Signature | Quakbot |
| File name: | 4078 |
|---|---|
| File size: | 484 bytes |
| SHA256 hash: | d51bd3617ccca18d9b51089c2b0e87d37a218ac456d8549abe97b6bb6d28722f |
| MD5 hash: | ef89b5a107cd515b26ded47f0e3e2464 |
| MIME type: | application/octet-stream |
| Signature | Quakbot |
| File name: | PACKAGEINFO |
|---|---|
| File size: | 1'636 bytes |
| SHA256 hash: | ceeca306cff4cd017fea73816db36ab9041918b03e531f4fa01a568953670298 |
| MD5 hash: | dabe2e19e8e55305b64d6ca22801b487 |
| MIME type: | application/octet-stream |
| Signature | Quakbot |
| File name: | velvety.png |
|---|---|
| File size: | 64'019 bytes |
| SHA256 hash: | ad81af3aab285fde823ff98745d474137c7c9c15a5a549d22112d00334bb82cc |
| MD5 hash: | 5a5e2b2dcf4661292467b66b5e37d4e0 |
| MIME type: | image/png |
| Signature | Quakbot |
| File name: | 4084 |
|---|---|
| File size: | 260 bytes |
| SHA256 hash: | a237dc4dad37149ac35ba98b66901d88fae047cf051df5b19a36e6e519f98d65 |
| MD5 hash: | f82da83ff06370935731508d23bfdc36 |
| MIME type: | application/octet-stream |
| Signature | Quakbot |
| File name: | COLS.bmp |
|---|---|
| File size: | 246 bytes |
| SHA256 hash: | da870b891f468f51814dca86fed21e2d1518280ae9f78e1e7dbe00bd46fd6137 |
| MD5 hash: | 32e23b74220cafc3f5ac01501e3cbb16 |
| MIME type: | image/bmp |
| Signature | Quakbot |
| File name: | BBRETRY.bmp |
|---|---|
| File size: | 478 bytes |
| SHA256 hash: | bf5224d8ad0268449e28dbc24df64128638e098c2b7557bf533929b058df1d99 |
| MD5 hash: | 928a8af63d865b045c242a21840fcdd0 |
| MIME type: | image/bmp |
| Signature | Quakbot |
| File name: | CAPTION.bmp |
|---|---|
| File size: | 238 bytes |
| SHA256 hash: | 726abbc7c37cf5fbc6af6bad0deaaf9597cfb1be69564434b229d6a4e21a1d48 |
| MD5 hash: | cf26bad8179d984ac1837c3224a68b43 |
| MIME type: | image/bmp |
| Signature | Quakbot |
| File name: | 4076 |
|---|---|
| File size: | 812 bytes |
| SHA256 hash: | 694a11e724e6251c5be3f78d34cf53cc3816c2785b3347f3de047ef18771e975 |
| MD5 hash: | baabea0b125f1aba0cec1f110051ba81 |
| MIME type: | application/octet-stream |
| Signature | Quakbot |
| File name: | RIGHTARROW.bmp |
|---|---|
| File size: | 238 bytes |
| SHA256 hash: | 8f5d5ee0d03967e23c5242901a1d50f91ddbae3141209a592c767ff296f3020f |
| MD5 hash: | fc5fb92ad683442b81aa9f0aef539c17 |
| MIME type: | image/bmp |
| Signature | Quakbot |
| File name: | BBHELP.bmp |
|---|---|
| File size: | 478 bytes |
| SHA256 hash: | e3a836db6d812705f3f34b505614948d46dc61bc1fe03908aaf85f53676c4193 |
| MD5 hash: | 7af64d39ef2dc82c4b65f3b54791561d |
| MIME type: | image/bmp |
| Signature | Quakbot |
| File name: | BACKUPG.bmp |
|---|---|
| File size: | 230 bytes |
| SHA256 hash: | f2a0b7e99508e67c4a76869fc3cf987b151eac299275b0ad55d0dd2befae6dda |
| MD5 hash: | 27a6891edca907d6c57d33e97b41f8a5 |
| MIME type: | image/bmp |
| Signature | Quakbot |
| File name: | DATA |
|---|---|
| File size: | 15'360 bytes |
| SHA256 hash: | 4729560b5f15d16a5eb6b2fd9eaced475a38f227631a540cad582ae12c168810 |
| MD5 hash: | d726559721fdd6a98163481ff9627027 |
| MIME type: | application/octet-stream |
| Signature | Quakbot |
| File name: | LEFTARROW.bmp |
|---|---|
| File size: | 238 bytes |
| SHA256 hash: | 9a3afe28ada26ad36b1510f762b17d92c4a19fce2b3ae903bc7de134edc9ce34 |
| MD5 hash: | b4984802308462abe1ede5493a2abaee |
| MIME type: | image/bmp |
| Signature | Quakbot |
| File name: | DLGTEMPLATE |
|---|---|
| File size: | 82 bytes |
| SHA256 hash: | 771f64afb45a9edc8c4f6c5b2039f9b32623cea53bf0cab5bf1f371cc5d1abe4 |
| MD5 hash: | db949b51eec31f37281a7fa424a3e158 |
| MIME type: | application/octet-stream |
| Signature | Quakbot |
| File name: | DOPEN.bmp |
|---|---|
| File size: | 238 bytes |
| SHA256 hash: | 5d2a0f6fbd61eabd270edf9eb447784e65c780aae4b24413311b5372db0561ca |
| MD5 hash: | caff3a290b9bf6b931047c048a48754c |
| MIME type: | image/bmp |
| Signature | Quakbot |
| File name: | 3 |
|---|---|
| File size: | 308 bytes |
| SHA256 hash: | ee1c9c194199c320c893b367602ccc7ee7270bd4395d029f727e097634f47f8c |
| MD5 hash: | a04c3c368cb37c07bd5f63e7e6841ebd |
| MIME type: | application/octet-stream |
| Signature | Quakbot |
| File name: | 4067 |
|---|---|
| File size: | 932 bytes |
| SHA256 hash: | 3ead2ecd2bcb7ffb3204c96ddde81499a93571cab9592c79bde9b20f13037435 |
| MD5 hash: | 0ca3a8335687438f9a59a22d17c845de |
| MIME type: | application/octet-stream |
| Signature | Quakbot |
| File name: | BACKUP.bmp |
|---|---|
| File size: | 230 bytes |
| SHA256 hash: | f54c76df15c5dcce9e2ea20992beace891f34985508700d7d968554af96cf7d9 |
| MD5 hash: | 30ae8f3f9a512cf669cc40a75218f795 |
| MIME type: | image/bmp |
| Signature | Quakbot |
| File name: | BBABORT.bmp |
|---|---|
| File size: | 478 bytes |
| SHA256 hash: | 2ffe79a5ce4b620734d86a69c5173f4bad4beb4bddaec7b094deba85ba4cc74a |
| MD5 hash: | 6ca37006db4e7bc3f7c5d380eef589e4 |
| MIME type: | image/bmp |
| Signature | Quakbot |
| File name: | CODE |
|---|---|
| File size: | 1'273'344 bytes |
| SHA256 hash: | 670acd0b7e78f9d088ada0e4a00e081f646f6398c402735b79e3c5dbf78d7f94 |
| MD5 hash: | bc8c84cf0ff8cabbfda9cd015b571c14 |
| MIME type: | application/octet-stream |
| Signature | Quakbot |
| File name: | DCLOSE.bmp |
|---|---|
| File size: | 238 bytes |
| SHA256 hash: | 87f67708ea148c5503f66ec1d0c2594dadc06079e6f200a73dea4dcddb43488c |
| MD5 hash: | 680d90162335b4da12cb670bdd71e363 |
| MIME type: | image/bmp |
| Signature | Quakbot |
| File name: | 4093 |
|---|---|
| File size: | 1'064 bytes |
| SHA256 hash: | a8e4e3e739b4ed3e10c495c781557b4a6e0e83c9017a79c930f61834290e3d74 |
| MD5 hash: | 988aa0537972b7eae4373b97b046d8c8 |
| MIME type: | application/octet-stream |
| Signature | Quakbot |
| File name: | BBCLOSE.bmp |
|---|---|
| File size: | 478 bytes |
| SHA256 hash: | be6c59e40bf15f04f38c7df4f87ce093ae2cdef90f213b58521c520dff000c03 |
| MD5 hash: | a8539fec2d414fcfa7a7081d6812c266 |
| MIME type: | image/bmp |
| Signature | Quakbot |
| File name: | A |
|---|---|
| File size: | 168'964 bytes |
| SHA256 hash: | c8984d2f753c328fa297988ebda604f8a019ada1ac18a511c5015075a17fe44e |
| MD5 hash: | b1e4c20df8d81f4222b5e67d7a62f5bd |
| MIME type: | application/octet-stream |
| Signature | Quakbot |
| File name: | 4080 |
|---|---|
| File size: | 284 bytes |
| SHA256 hash: | d0141fd23c47653793052328a70e5883a1bf7b63c0cd7b4da540e6d2270209b0 |
| MD5 hash: | 6e6b609d123eb14d2ec60a3e201963d0 |
| MIME type: | application/octet-stream |
| Signature | Quakbot |
| File name: | 4090 |
|---|---|
| File size: | 564 bytes |
| SHA256 hash: | 8087b6f485dbc8b45ceed7b1120d0ca0567e5633c8dfe94041f3cac6e209b8ac |
| MD5 hash: | 7b38e1bb059dea4e02e5c73de705d534 |
| MIME type: | application/octet-stream |
| Signature | Quakbot |
| File name: | 2 |
|---|---|
| File size: | 308 bytes |
| SHA256 hash: | ce19ace18e87b572e6912306776226af5b8e63959c61cde70a8ff05b3bbdcc41 |
| MD5 hash: | 2e87b3c111e3073a841775c1f8ec5a90 |
| MIME type: | application/octet-stream |
| Signature | Quakbot |
| File name: | DIMINS |
|---|---|
| File size: | 20 bytes |
| SHA256 hash: | c53efa8085835ba129c1909beaff8a67b45f50837707f22dfff0f24d8cd26710 |
| MD5 hash: | a2baa01ccdea3190e4998a54dbc202a4 |
| MIME type: | application/vnd.lotus-1-2-3 |
| Signature | Quakbot |
| File name: | DVCLAL |
|---|---|
| File size: | 16 bytes |
| SHA256 hash: | 88d14cc6638af8a0836f6d868dfab60df92907a2d7becaefbbd7e007acb75610 |
| MD5 hash: | d8090aba7197fbf9c7e2631c750965a8 |
| MIME type: | application/octet-stream |
| Signature | Quakbot |
| File name: | PIVOT.bmp |
|---|---|
| File size: | 238 bytes |
| SHA256 hash: | cb13292f4df6b681a65122e1d37f66b7d28207e8dd3a4071dcf86f69c0e64aef |
| MD5 hash: | 47d416009029688e75e034c47c99bf92 |
| MIME type: | image/bmp |
| Signature | Quakbot |
| File name: | 4070 |
|---|---|
| File size: | 1'348 bytes |
| SHA256 hash: | 91e190b3f10e2cdad2b1f25ae280607acfa4da31f40c88405c6ee145de0c96bf |
| MD5 hash: | e67ec8ac44966a85a641d3663a4e8f48 |
| MIME type: | application/octet-stream |
| Signature | Quakbot |
| File name: | butting.txt |
|---|---|
| File size: | 163'817 bytes |
| SHA256 hash: | 6b8c8eb5f5c21042b6a40353618f9f438a87a5a0e1bf5d82e893b61c4e49db95 |
| MD5 hash: | ca4c472dbf45445c924b1243e45d9c42 |
| MIME type: | text/plain |
| Signature | Quakbot |
| File name: | HOME.bmp |
|---|---|
| File size: | 146 bytes |
| SHA256 hash: | 5f9b27024601a0f22f8422a45b3b2cd9509e319ecf4b646ece7372418d414d13 |
| MD5 hash: | dd794866fd1c9435f32bb8450ffc838c |
| MIME type: | image/bmp |
| Signature | Quakbot |
| File name: | 9 |
|---|---|
| File size: | 308 bytes |
| SHA256 hash: | b8e6fc93d423931acbddae3c27dd3c4eb2a394005d746951a971cb700e0ee510 |
| MD5 hash: | ff4e5862f26ea666373e5fab2bddfb11 |
| MIME type: | image/x-tga |
| Signature | Quakbot |
| File name: | PREVIEWGLYPH.bmp |
|---|---|
| File size: | 246 bytes |
| SHA256 hash: | e53b636752155553c853a19bd1972ce2f2bb196661a69eec66391454955e1a42 |
| MD5 hash: | d83f09dc09bc6c6e7f69517ee70adf55 |
| MIME type: | image/bmp |
| Signature | Quakbot |
| File name: | TGRT |
|---|---|
| File size: | 421 bytes |
| SHA256 hash: | 835d3bfaf74c5efe18cb3fbe678531f2fd98fe353e478e92be8e73ab2b3d6e3a |
| MD5 hash: | 17a4a71efe4ce88b820f59bb7a398559 |
| MIME type: | application/octet-stream |
| Signature | Quakbot |
| File name: | 4092 |
|---|---|
| File size: | 496 bytes |
| SHA256 hash: | 2e9f4955895b5cffecdc0e865bec305e8dfbc49cd648a93824ee6a0c847eb1a9 |
| MD5 hash: | e506dc5b4cf156cb873cc90e56fcc863 |
| MIME type: | application/octet-stream |
| Signature | Quakbot |
| File name: | 4083 |
|---|---|
| File size: | 192 bytes |
| SHA256 hash: | 36997b4146119eac76e13e502c87ffe71bd327d0aaaa25a4268960903a081f31 |
| MD5 hash: | eadf612d918d3b94e6d1feb6d753ba48 |
| MIME type: | application/octet-stream |
| Signature | Quakbot |
| File name: | 4079 |
|---|---|
| File size: | 420 bytes |
| SHA256 hash: | 6869ec273639bda8b5329869989d8a3583dab04af7a7b1fdb189d572e14d47c0 |
| MD5 hash: | 9d36a142a30de76aa30abed75f4ca633 |
| MIME type: | application/octet-stream |
| Signature | Quakbot |
| File name: | 4094 |
|---|---|
| File size: | 956 bytes |
| SHA256 hash: | e722c2e528584087a384bff5323dc1e4a71314978d6b9326c4685809c65617ff |
| MD5 hash: | a3a26babb12776c8237b6ccd84e839ad |
| MIME type: | application/octet-stream |
| Signature | Quakbot |
| File name: | 4071 |
|---|---|
| File size: | 1'212 bytes |
| SHA256 hash: | 562f3b2d67bd78686545371b0ff0944cdf094f832359a5f2422295dcbe120cb9 |
| MD5 hash: | 698879aed5adc3c6819d2791b552df2a |
| MIME type: | application/octet-stream |
| Signature | Quakbot |
| File name: | 4072 |
|---|---|
| File size: | 1'088 bytes |
| SHA256 hash: | 0c864d631f7201895a5923628d2a30ce417882850e80bc51be2fee0cc21cb984 |
| MD5 hash: | 9d7434ea260b28fb6b84a39288bc86d8 |
| MIME type: | application/octet-stream |
| Signature | Quakbot |
| File name: | dour.dat |
|---|---|
| File size: | 1'632'072 bytes |
| SHA256 hash: | 24aec370771ad1208aeb54721067c9e3b139a368f13ab6b131dc7d6c13da5127 |
| MD5 hash: | c48d309b2f59581cf8b8c1fd1790ebdb |
| MIME type: | application/x-dosexec |
| Signature | Quakbot |
| File name: | parked.cmd |
|---|---|
| File size: | 639 bytes |
| SHA256 hash: | 91a7a6a99976e0c29bc30b4d8dc430e621200c722f0a8aa4244e2ce832c6093b |
| MD5 hash: | 924044640b25c3067ceca815158b8649 |
| MIME type: | text/x-msdos-batch |
| Signature | Quakbot |
| File name: | CO.lnk |
|---|---|
| File size: | 1'775 bytes |
| SHA256 hash: | 4fbc4725efd95f215fc82330078267a0dcae6cf9cf3362af323fa1447f65a5e1 |
| MD5 hash: | f9c02e45030f8835a4e407c0f6b7041a |
| MIME type: | application/octet-stream |
| Signature | Quakbot |
Vendor Threat Intelligence
Gathering data
Result
Verdict:
MALICIOUS
Link:
Detection(s):
Suspicious file
Result
Malware family:
qakbot
Score:
10/10
Tags:
family:qakbot botnet:bb05 campaign:1667208557 banker stealer trojan
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Checks computer location settings
Loads dropped DLL
Executes dropped EXE
Qakbot/Qbot
Malware Config
C2 Extraction:
174.77.209.5:443
187.0.1.74:23795
24.206.27.39:443
1.156.220.169:30723
156.216.39.119:995
58.186.75.42:443
1.156.197.160:30467
187.1.1.190:4844
186.18.210.16:443
1.181.56.171:771
90.165.109.4:2222
187.0.1.186:39742
87.57.13.215:443
187.0.1.207:52344
227.26.3.227:1
98.207.190.55:443
187.0.1.197:7017
188.49.56.189:443
102.156.160.115:443
187.0.1.24:17751
70.51.139.148:2222
187.0.1.109:34115
14.164.18.210:443
187.0.1.97:30597
205.161.22.189:443
187.0.1.151:54711
196.217.63.248:443
187.0.1.160:45243
66.37.239.222:443
24.207.97.40:443
187.0.1.59:24056
68.62.199.70:443
45.230.169.132:993
187.0.1.74:23795
24.206.27.39:443
1.156.220.169:30723
156.216.39.119:995
58.186.75.42:443
1.156.197.160:30467
187.1.1.190:4844
186.18.210.16:443
1.181.56.171:771
90.165.109.4:2222
187.0.1.186:39742
87.57.13.215:443
187.0.1.207:52344
227.26.3.227:1
98.207.190.55:443
187.0.1.197:7017
188.49.56.189:443
102.156.160.115:443
187.0.1.24:17751
70.51.139.148:2222
187.0.1.109:34115
14.164.18.210:443
187.0.1.97:30597
205.161.22.189:443
187.0.1.151:54711
196.217.63.248:443
187.0.1.160:45243
66.37.239.222:443
24.207.97.40:443
187.0.1.59:24056
68.62.199.70:443
45.230.169.132:993
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
YARA Signatures
MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.
| Rule name: | meth_get_eip |
|---|---|
| Author: | Willi Ballenthin |
| Rule name: | meth_stackstrings |
|---|---|
| Author: | Willi Ballenthin |
| Rule name: | PassProtected_ZIP_ISO_file |
|---|---|
| Author: | _jc |
| Description: | Detects container formats commonly smuggled through password-protected zips |
| Rule name: | QakBot |
|---|---|
| Author: | kevoreilly |
| Description: | QakBot Payload |
| Rule name: | unpacked_qbot |
|---|---|
| Description: | Detects unpacked or memory-dumped QBot samples |
| Rule name: | win_qakbot_auto |
|---|---|
| Author: | Felix Bilstein - yara-signator at cocacoding dot com |
| Description: | Detects win.qakbot. |
| Rule name: | win_qakbot_malped |
|---|---|
| Author: | Felix Bilstein - yara-signator at cocacoding dot com |
| Description: | Detects win.qakbot. |
File information
The table below shows additional information about this malware sample such as delivery method and external references.
No further information available
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.