MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2ba3c60a38843bb6e94665abf69b0b4aacd50fcc34a699882d1c692a97f0c53e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Quakbot


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2ba3c60a38843bb6e94665abf69b0b4aacd50fcc34a699882d1c692a97f0c53e
SHA3-384 hash: 9c6b9cef554fb62b150598c640638de35ab24b10fff97e17d06ab84fe0ed20d3ad762f2f46452019db7bb7268f57f7a2
SHA1 hash: 4e62cb41001c0259e0056f37a335291002df9c4b
MD5 hash: 371c1d5b7dc465fcf03042d8892bebce
humanhash: lake-fourteen-echo-video
File name:RKv4qulgOvL2Bc.js
Download: download sample
Signature Quakbot
Create hunting rule
File size:327'011 bytes
First seen:2023-06-14 07:45:28 UTC
Last seen:Never
File type:Java Script (JS) js
MIME type:text/plain
ssdeep 6144:bSfr0dh2tgcH6YTkM0cNRcpZwg/EBQ+8N/ygD1pRbBiHwaNc8/YjAhS:bSfrSh2tgcH6YTkMXRcpZwg/QQ+I/ygZ
TLSH T1366453496A95E0F19137B377CA578450FAAB0F1B2084C972B93C505D2F3D8297AB7EC8
Reporter JAMESWT_WT
Tags:js Quakbot

Intelligence

File Origin
# of uploads :
1
# of downloads :
289
Origin country :
IT IT
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.JS.Trojan.Cryxos.12665.12266.28365.UNOFFICIAL
Create hunting rule

Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/6489704142386ee977f41cc2/reports/27042b28-6d39-40f0-9e6e-22489744194b/overview
Verdict:
Malicious
Labled as:
Trojan.Cryxos.JS
Link:
https://www.hybrid-analysis.com/sample/2ba3c60a38843bb6e94665abf69b0b4aacd50fcc34a699882d1c692a97f0c53e
Result
Verdict:
MALICIOUS
Result
Threat name:
n/a
Detection:
malicious
Classification:
evad
Score:
68 / 100
Link:
https://www.joesandbox.com/analysis/1254230
Signature
Encrypted powershell cmdline option found
JScript performs obfuscated calls to suspicious functions
Malicious sample detected (through community Yara rule)
Very long command line found
Wscript starts Powershell (via cmd or directly)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/2ba3c60a38843bb6e94665abf69b0b4aacd50fcc34a699882d1c692a97f0c53e/
Threat name:
Script-JS.Trojan.Heuristic
Create hunting rule
Status:
Malicious
First seen:
2023-06-13 20:14:03 UTC
File Type:
Text (HTML)
AV detection:
4 of 36 (11.11%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=for4mcryqq53n2kgmwv7ngyljkwnkd6mgstjtcbndrusvf7qyu7a._file
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/230614-jlztraeg3v/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Checks computer location settings
Blocklisted process makes network request
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/2ba3c60a3884/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/2ba3c60a38843bb6e94665abf69b0b4aacd50fcc34a699882d1c692a97f0c53e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Quakbot

Java Script (JS) js 2ba3c60a38843bb6e94665abf69b0b4aacd50fcc34a699882d1c692a97f0c53e

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2659434/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2659278/
  
URLhaus
https://urlhaus.abuse.ch/url/2660039/
  
URLhaus
https://urlhaus.abuse.ch/url/2659461/

Comments