MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 31c403cea645f5385ccf3a27ae7e6df604adc0ebecdd865ab11f0fdcba191f3c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Quakbot
Vendor detections: 9
| SHA256 hash: | 31c403cea645f5385ccf3a27ae7e6df604adc0ebecdd865ab11f0fdcba191f3c |
|---|---|
| SHA3-384 hash: | d595e4fb81310716f28de8f310607e659bde123f93258dd361d3f42cd5e6a07264206f7db309dad38b02884b61980e41 |
| SHA1 hash: | 29522e49041d2d2a870c20ebe9c6528224f999ef |
| MD5 hash: | 7adcf98526037b61f74a5e413d3e1846 |
| humanhash: | black-sierra-kansas-yellow |
| File name: | fn.png |
| Signature | Quakbot |
| File size: | 1'056'776 bytes |
| First seen: | 2022-03-01 14:48:52 UTC |
| Last seen: | Never |
| File type: | |
| MIME type: | application/x-dosexec |
| imphash | 39e575b47547313526712cf504793169 (3 x Quakbot) |
| ssdeep | 24576:cSdk/wBjirEIzNbNsdU5xB31FFbDt3xywiDSR6b/2+:cSlmg2NbNsIxB3LZB3Z |
| Threatray | 102 similar samples on MalwareBazaar |
| TLSH | T14325BE71A2E115BFC1733B7DAC3E6198CC24AE512D14DC4CB7DD1E8E0E296A227251BE |
| dhash icon | 399998ecd4d46c0e (572 x Quakbot, 137 x ArkeiStealer, 82 x GCleaner) |
| Reporter | Anonymous |
| Tags: | dll Qakbot qbot Quakbot tr |
Anonymous
https://urlhaus.abuse.ch/browse/tag/tr/
Intelligence
File Origin
# of uploads :
1
# of downloads :
250
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Result
Verdict:
Malware
Maliciousness:
Behaviour
Creating synchronization primitives
Launching a process
Searching for synchronization primitives
Creating a window
Unauthorized injection to a system process
Verdict:
Likely Malicious
Threat level:
7.5/10
Confidence:
100%
Tags:
control.exe greyware keylogger overlay packed
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Qakbot
Verdict:
Malicious
Threat name:
Win32.Infostealer.QBot
Status:
Malicious
First seen:
2022-03-01 14:49:12 UTC
File Type:
PE (Dll)
Extracted files:
91
AV detection:
16 of 28 (57.14%)
Threat level:
5/5
Verdict:
malicious
Label(s):
qakbot
Similar samples:
+ 92 additional samples on MalwareBazaar
Result
Malware family:
qakbot
Score:
10/10
Tags:
family:qakbot botnet:tr campaign:1646119987 banker evasion stealer trojan
Behaviour
Checks processor information in registry
Creates scheduled task(s)
Enumerates system info in registry
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Loads dropped DLL
Qakbot/Qbot
Suspicious use of NtCreateProcessExOtherParentProcess
Windows security bypass
Malware Config
C2 Extraction:
176.67.56.94:443
66.230.104.103:443
47.180.172.159:443
39.52.38.109:995
140.82.49.12:443
75.99.168.194:443
41.43.13.54:995
47.180.172.159:50010
151.69.0.8:995
24.178.196.158:2222
76.69.155.202:2222
208.107.221.224:443
103.230.180.119:443
118.189.242.45:2083
93.48.80.198:995
41.84.244.135:443
105.157.113.234:443
47.23.89.60:993
173.174.216.62:443
167.86.202.26:443
141.237.140.181:995
86.98.148.83:995
197.167.46.225:993
75.99.168.194:61201
70.57.207.83:443
103.139.242.30:990
184.100.174.73:443
186.64.67.40:443
176.88.238.122:995
115.69.247.95:443
114.79.148.170:443
41.84.233.53:995
120.61.0.254:443
76.169.147.192:32103
193.253.44.249:2222
38.70.253.226:2222
41.228.22.180:443
5.88.12.21:443
39.41.139.127:995
102.140.70.201:443
102.65.38.67:443
105.184.116.32:995
144.202.2.175:995
76.25.142.196:443
39.49.63.64:995
92.177.45.46:2078
2.50.27.78:443
103.87.95.131:2222
89.211.185.240:2222
190.189.33.6:32101
76.70.9.169:2222
220.129.52.36:443
67.209.195.198:443
75.67.194.204:443
217.128.122.65:2222
121.74.187.191:995
31.215.84.57:2222
120.150.218.241:995
32.221.231.1:443
176.45.240.198:995
180.233.150.134:995
136.143.11.232:443
78.100.194.138:6883
75.188.35.168:443
58.105.167.35:50000
118.161.12.23:995
80.14.188.219:2222
139.228.65.100:2222
197.89.109.221:443
75.156.151.34:443
96.21.251.127:2222
149.135.101.20:443
2.50.41.69:61200
128.106.122.206:443
74.15.2.252:2222
117.248.109.38:21
209.210.95.228:32100
63.153.150.20:443
86.97.247.128:1194
190.73.3.148:2222
63.143.92.99:995
185.249.85.209:443
182.191.92.203:995
67.165.206.193:993
86.98.156.238:993
180.183.100.147:2222
39.44.58.183:995
86.97.247.128:2222
144.202.2.175:443
71.74.12.34:443
173.21.10.71:2222
118.189.242.45:2222
189.253.111.123:995
73.151.236.31:443
70.51.153.159:2222
82.41.63.217:443
201.103.17.10:443
108.16.33.18:443
100.1.108.246:443
24.55.67.176:443
40.134.247.125:995
72.252.201.34:995
208.101.87.135:443
81.229.130.188:443
78.96.235.245:443
86.198.170.170:2222
105.184.190.210:995
89.101.97.139:443
72.252.201.34:990
176.110.96.225:443
109.12.111.14:443
47.156.191.217:443
80.123.141.226:443
82.152.39.39:443
45.46.53.140:2222
68.204.7.158:443
84.241.8.23:32103
197.164.171.102:995
197.167.46.225:995
124.41.193.166:443
197.0.213.138:443
78.191.34.56:995
121.7.223.188:2222
89.137.52.44:443
218.111.147.237:443
161.142.63.168:443
86.139.33.187:443
86.98.51.143:995
101.50.110.176:995
189.146.51.56:443
31.215.70.101:443
41.230.62.211:993
197.165.161.159:995
81.213.206.182:443
206.217.0.154:995
191.99.191.28:443
216.46.32.83:443
67.69.166.79:2222
186.69.101.54:443
47.158.25.67:443
72.252.201.34:993
39.52.196.53:995
190.206.211.182:443
31.35.28.29:443
69.14.172.24:443
69.144.42.24:443
78.101.152.231:61202
196.203.37.215:80
103.116.178.85:443
Unpacked files
SHA256 hash:
5ee5f3d54bf2882f823c1e21267513f5289ad1ee8f4796b1895be6f3f6e94782
MD5 hash:
abe5d77b1bf2b329481fe8602c507b9c
SHA1 hash:
623151607d13cefb113cd16183ce047b6b3300c4
SHA256 hash:
3a5b4f48d8d368f0914cc324ef9fe5040e51fbeded016958b81770e130b63a3c
MD5 hash:
726e696939d0b9ceb9a98938806bd095
SHA1 hash:
59cc9b5469bfb16f0465c1f140d59b0eb13cc436
SHA256 hash:
31c403cea645f5385ccf3a27ae7e6df604adc0ebecdd865ab11f0fdcba191f3c
MD5 hash:
7adcf98526037b61f74a5e413d3e1846
SHA1 hash:
29522e49041d2d2a870c20ebe9c6528224f999ef
Malware family:
CryptOne
Verdict:
Malicious
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Delivery method
Distributed via e-mail link