MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 329732f00e782c5c2512f83db2d07c4b26364298cde645f4fd7adca2f27c00bd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Quakbot

Vendor detections: 11

SHA256 hash: 329732f00e782c5c2512f83db2d07c4b26364298cde645f4fd7adca2f27c00bd
SHA3-384 hash: b954057357e16f8de57dabb50cc8a090ec2cda2ecdd44cd39c54330092fd28ce63789e43154a3bd20e9bdeb36ab7f270
SHA1 hash: ff07d0fa8dc8932fc9918ee4399a6c3c9b25771d
MD5 hash: 23955f66ed321efad6b9e8c9aeb03798
humanhash: idaho-oregon-friend-skylark
File name: desktop.dat
Signature: Quakbot
File size: 669'696 bytes
First seen: 2022-12-13 18:21:50 UTC
Last seen: 2022-12-13 19:34:34 UTC
File type: DLL
MIME type: application/x-dosexec
imphash: 45c8c5e5df012fd9d37ff4541c3bbb54 (2 x Quakbot)
ssdeep: 12288:PNAvOsg8TwL9VKqov4pEZ8R6YGN3VVH1C:VIOsnTK4BIEO6YkV
Threatray: 2'370 similar samples on MalwareBazaar
TLSH: T198E4B022C9E5DF92C51978FE81BA9B984D46619277233B7B0330D65AF0732418F127BB
TrID: 40.3% (.EXE) Win64 Executable (generic) (10523/12/4)
      19.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
      17.2% (.EXE) Win32 Executable (generic) (4505/5/1)
      7.7% (.EXE) OS/2 Executable (generic) (2029/13)
      7.6% (.EXE) Generic Win/DOS Executable (2002/3)
Reporter: pr0xylife
Tags: 1670918350 BB10 dll Qakbot Quakbot

Intelligence

File Origin
# of uploads: 2
# of downloads: 219
Origin country: CA
Vendor Threat Intelligence

Result
Verdict: Clean
Maliciousness:

Behaviour: Searching for the window
Verdict: No Threat
Threat level: 2/10
Confidence: 100%
Tags: greyware
Result
Verdict: UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Backdoor.Quakbot
Status: Malicious
First seen: 2022-12-13 18:22:09 UTC
File Type: PE (Dll)
Extracted files: 1
AV detection: 17 of 26 (65.38%)
Threat level: 5/5
Result
Malware family:
Score: 10/10
Tags: family:qakbot botnet:bb10 campaign:1670918350 banker stealer trojan
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of WriteProcessMemory
Qakbot/Qbot
Malware Config
C2 Extraction:
76.100.159.250:443
83.92.85.93:443
149.126.159.106:443
50.68.204.71:995
47.41.154.250:443
24.206.27.39:443
93.147.235.8:443
12.172.173.82:995
184.68.116.146:2222
74.83.128.70:2083
73.161.176.218:443
108.6.249.139:443
79.13.202.140:443
82.9.210.36:443
90.66.229.185:2222
84.35.26.14:995
37.56.111.49:995
92.186.69.229:2222
50.68.204.71:443
71.31.101.183:443
46.10.198.106:443
199.83.165.233:443
2.98.146.106:995
45.152.16.14:443
89.129.109.27:2222
90.104.22.28:2222
72.80.7.6:995
84.215.202.22:443
174.77.209.5:443
213.67.255.57:2222
108.162.6.34:443
31.167.254.199:995
87.202.101.164:50000
41.231.232.134:995
86.130.9.250:2222
109.136.130.9:2222
50.68.204.71:993
184.176.154.83:995
92.207.132.174:2222
142.161.27.232:2222
190.133.232.250:443
70.55.120.16:2222
69.133.162.35:443
12.172.173.82:21
90.89.95.158:2222
181.118.183.50:443
90.194.186.175:443
103.144.201.62:2078
150.107.231.59:2222
109.159.118.162:2222
47.34.30.133:443
86.225.214.138:2222
66.90.198.204:443
184.68.116.146:2078
124.122.55.7:443
176.142.207.63:443
198.2.51.242:993
73.36.196.11:443
86.98.23.199:443
176.151.15.101:443
181.164.194.223:443
92.154.17.149:2222
184.68.116.146:61202
77.124.17.122:443
162.248.14.107:443
24.228.132.224:2222
88.126.94.4:50000
174.104.184.149:443
80.44.148.126:2222
12.172.173.82:22
75.98.154.19:443
24.142.218.202:443
70.77.116.233:443
188.24.214.226:443
109.11.175.42:2222
74.92.243.113:50000
12.172.173.82:50001
76.20.42.45:443
190.24.45.24:995
91.254.230.18:443
49.175.72.56:443
12.172.173.82:20
75.99.125.236:2222
74.66.134.24:443
172.90.139.138:2222
173.239.94.212:443
91.169.12.198:32100
24.71.120.191:443
103.71.21.107:443
66.191.69.18:995
121.121.100.148:995
78.101.91.215:2222
98.145.23.67:443
12.172.173.82:990
197.94.86.141:443
197.0.32.186:443
91.68.227.219:443
12.172.173.82:993
190.199.126.108:993
173.18.126.3:443
100.36.249.75:995
92.24.200.226:995
184.153.132.82:443
69.119.123.159:2222
70.64.77.115:443
81.229.117.95:2222
216.160.116.140:2222
92.189.214.236:2222
70.115.104.126:995
98.147.155.235:443
184.68.116.146:3389
73.230.28.7:443
102.40.202.189:995
103.141.50.151:995
86.99.14.46:2222
86.96.75.237:2222
12.172.173.82:465
Unpacked files

SHA256 hash: 838aae94ac64b122ac6a4b142c2e80d873588dfdfbb33620a0c932663a1848f7
MD5 hash: 379e51fad3ff34c1f7443954e087fffe
SHA1 hash: d2be550c9e02324dda9e076d7552d815a865f3ac

SHA256 hash: 55c60bcbdf192146d74da53e868f32e06bdd098880c6879eba20b5788c1cf983
MD5 hash: 22f1cac103599c86d98523bd2ca958f6
SHA1 hash: 9cc88b762e027d0c8b429e756e4e6518481d3773
Detections: Qakbot win_qakbot_auto

SHA256 hash: 329732f00e782c5c2512f83db2d07c4b26364298cde645f4fd7adca2f27c00bd
MD5 hash: 23955f66ed321efad6b9e8c9aeb03798
SHA1 hash: ff07d0fa8dc8932fc9918ee4399a6c3c9b25771d
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments