MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 3b4de7c37664c56a2b5ba8feef2b41b11fab5e208421d148fe4717fc6da6f4db. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Quakbot
Vendor detections: 10
| SHA256 hash: | 3b4de7c37664c56a2b5ba8feef2b41b11fab5e208421d148fe4717fc6da6f4db |
|---|---|
| SHA3-384 hash: | b6b16b2f7379a18a911a81c966c888ae0bd390c9ba74e4fe9cd066cee1889044198d8b8b48dcbd65f5221102baaa3d38 |
| SHA1 hash: | e22361d62b04a11667d4f0cf6f468a313707ce41 |
| MD5 hash: | 7c989f9bca28b50ed51bad93c652abc7 |
| humanhash: | violet-batman-winner-queen |
| File name: | 3b4de7c37664c56a2b5ba8feef2b41b11fab5e208421d148fe4717fc6da6f4db |
| Signature: | Quakbot |
| File size: | 1'623'040 bytes |
| First seen: | 2022-02-17 14:17:28 UTC |
| Last seen: | Never |
| File type: | |
| MIME type: | application/x-dosexec |
| imphash: | da9a8f18f48bd9a95a5a530992ebf8ed (2 x Quakbot) |
| ssdeep: | 24576:eTOGL+ITG3Z/pvBKUhcSevXmxRC+YcsDivGfs3O4z94RtuhXUp/HHsPNnFYY22OA:amikC+fsD9kAohkxHHsPNF122S9k2K |
| Threatray: | 28 similar samples on MalwareBazaar |
| TLSH: | T104757D32B2C1947BC073367C9D6BB299A825BE111D2CCC4D7BD81F4D1F3A6817B2529A |
| File icon (PE): | |
| dhash icon: | 399998ecd4d46c0e (572 x Quakbot, 137 x ArkeiStealer, 82 x GCleaner) |
| Reporter: | |
| Tags: | dll obama157 Qakbot Quakbot |
Intelligence
File Origin
| # of uploads: | 1 |
|---|---|
| # of downloads: | 173 |
| Origin country: | n/a |
Vendor Threat Intelligence
Detection:
n/a
Detection(s):
Result
Verdict:
Malware
Maliciousness:
Behaviour
Searching for the window
Creating synchronization primitives
Launching a process
Modifying an executable file
Searching for synchronization primitives
Creating a process with a hidden window
Creating a window
DNS request
Unauthorized injection to a system process
Enabling autorun by creating a file
Verdict:
Malicious
Threat level:
10/10
Confidence:
100%
Tags:
control.exe greyware keylogger packed qbot
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of such a binary may be suspicious or malicious.
Malware family:
Qakbot
Verdict:
Malicious
Threat name:
Win32.Trojan.QBot
Status:
Malicious
First seen:
2022-02-17 14:18:12 UTC
File Type:
PE (Dll)
Extracted files:
62
AV detection:
23 of 28 (82.14%)
Threat level:
5/5
Verdict:
malicious
Similar samples:
+ 18 additional samples on MalwareBazaar
Result
Malware family:
qakbot
Score:
10/10
Tags:
family:qakbot botnet:obama157 campaign:1645089451 banker evasion stealer trojan
Behaviour
Checks processor information in registry
Creates scheduled task(s)
Enumerates system info in registry
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Drops file in Windows directory
Loads dropped DLL
Qakbot/Qbot
Suspicious use of NtCreateProcessExOtherParentProcess
Windows security bypass
Malware Config
C2 Extraction:
Unpacked files
| SHA256 hash | MD5 hash | SHA1 hash |
|---|---|---|
| 585788afc17ad479a8842f33cf7a5647c73bfe1b42c91a53b5b74d507a73c03c | d37fc82bf5f7bd0058599043fd31cbcf | 6ddb9259dd67869009e3b4c16c645dbce3f03e28 |
| 9f42a1799d679c9819d9dfb03a270f1db86183be66c7fa14c44e5972a1855854 | 6a5ab3168b1cbabb7f2dc5a0f29a4efe | 2178a699f9a5a9d8eeea042f73e38081012f7a9e |
| 3b4de7c37664c56a2b5ba8feef2b41b11fab5e208421d148fe4717fc6da6f4db | 7c989f9bca28b50ed51bad93c652abc7 | e22361d62b04a11667d4f0cf6f468a313707ce41 |
Malware family:
CryptOne
Verdict:
Malicious
Please note that we are no longer able to provide a coverage score for VirusTotal.
Threat name:
Malicious File
Score:
1.00
File information
The table below shows additional information about this malware sample such as delivery method and external references.