MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3a6b8763626bdb1f75071647e8efeb1623e24c3031beef34cf47ccd28e6fae0a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Quakbot

Vendor detections: 6

SHA256 hash: 3a6b8763626bdb1f75071647e8efeb1623e24c3031beef34cf47ccd28e6fae0a
SHA3-384 hash: aa3b2b2cfbf9b35669f854959d8588082755d59c3ef66065dc420145080e6e49e7bd583f36032b6ddd9ce31fa4a4e56f
SHA1 hash: a5ff9bfbfcb10acf3c602ba6e5f5ddaf6e98f0ee
MD5 hash: e2e4dd889fe6c0c61496085de4193ca9
humanhash: leopard-tango-utah-stairway
File name: Gallery#1691.iso
Signature: Quakbot
File size: 1'048'576 bytes
First seen: 2022-09-28 12:21:05 UTC
Last seen: Never
File type: iso
MIME type: application/x-iso9660-image
ssdeep: 12288:8ieL1vc1PdFjpmw5qS6xnGWvE/NIg5UT+QD1lNMAxH+wBOlOtHH8D1bYkNy:P81IFnqnvE/5w9MW+wzHH8D1bYkNy
TLSH: T141257D23B3800333C2630238AE1F67D9B738A8743B35955139ED895D37669A06B7B7E5
TrID:
  99.4% (.NULL) null bytes (2048000/1)
  0.2% (.ISO) ISO 9660 CD image (5100/59/2)
  0.2% (.ATN) Photoshop Action (5007/6/1)
  0.0% (.BIN/MACBIN) MacBinary 1 (1033/5)
  0.0% (.ABR) Adobe PhotoShop Brush (1002/3)
Reporter: pr0xylife
Tags: 1664358901 BB iso pw H322 Qakbot Quakbot

Intelligence

File Origin
# of uploads: 1
# of downloads: 306
Origin country: n/a
Vendor Threat Intelligence
Verdict: No Threat
Threat level: 2/10
Confidence: 100%
Tags: masquerade

Result
Verdict: MALICIOUS
Threat name: Shortcut.Trojan.Jaik
Status: Malicious
First seen: 2022-09-28 12:22:09 UTC
File Type: Binary (Archive)
Extracted files: 44
AV detection: 9 of 39 (23.08%)
Threat level: 5/5

Result
Malware family:
Score: 10/10
Tags: family:qakbot botnet:bb campaign:1664358901 banker stealer trojan
Behaviour
Enumerates physical storage devices
Malware Config
C2 Extraction:
179.111.23.186:32101
179.251.119.206:995
84.3.85.30:443
39.44.5.104:995
197.41.235.69:995
193.3.19.137:443
186.81.122.168:443
103.173.121.17:443
41.111.118.56:443
102.189.184.12:995
156.199.90.139:443
14.168.180.223:443
41.140.98.37:995
156.205.3.210:993
139.228.33.176:2222
134.35.12.0:443
49.205.197.13:443
131.100.40.13:995
217.165.146.158:993
73.252.27.208:995
82.217.55.20:443
105.184.13.131:995
176.177.136.35:443
180.232.159.9:443
41.68.209.102:995
211.184.61.250:443
186.90.144.235:2222
191.92.125.254:443
41.96.204.133:443
58.186.75.42:443
102.190.190.242:995
85.86.242.245:443
187.193.143.111:443
200.175.173.80:443
197.49.68.15:995
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These rules are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are displayed.

Rule name: iso_lnk
Author: tdawg

File information

The table below shows additional information about this malware sample such as delivery method and external references.