MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3de82b2ddaafc7205365b88a5033be0260b97946dfeb10372b9d4c1db7f59c22. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Quakbot


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3de82b2ddaafc7205365b88a5033be0260b97946dfeb10372b9d4c1db7f59c22
SHA3-384 hash: a907d5cb5f939e862c5f81c0030b0a0533f007e3af5f27d3fa839fd075c2255d54c2a5a72b6a7b31d425b5078af8a26f
SHA1 hash: 27bcfb8e13b947d76eec119e61a3370915cc74c3
MD5 hash: fb7023aae56fff317f65c1e8663f6a0d
humanhash: failed-tennessee-william-bulldog
File name:index3.dll
Download: download sample
Signature Quakbot
Create hunting rule
File size:667'639 bytes
First seen:2023-02-01 18:22:19 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash ba10210792cf2849761b9bb94eae1772 (8 x Quakbot)
ssdeep 12288:ubjQRl3iZwl3JBrySD9CkkqC28DWl0RJK2LgAN4c1DZx+vaPpsnRlO3+u:uHWZiZCCMCkkbRDeSjcjc1DZUyBsRc
TLSH T1E0E49D01EA4399BACD5713714263F72F1739E7A0A43ACBCB9A9C1C29DD139E1B64D306
TrID 29.0% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
18.5% (.EXE) Win64 Executable (generic) (10523/12/4)
11.5% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
9.7% (.FON) Windows Font (5545/9/1)
8.8% (.EXE) Win16 NE executable (generic) (5038/12/1)
Reporter 604Kuzushi
Tags:dll Quakbot

Intelligence

File Origin
# of uploads :
1
# of downloads :
212
Origin country :
DE DE
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/359222/
Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a custom TCP request
Verdict:
No Threat
Threat level:
  2/10
Confidence:
100%
Tags:
anti-debug overlay packed spyeye
Link:
https://www.filescan.io/uploads/63daae0696add6d1cf497042/reports/5949ed97-d625-4582-b30d-fb7b23706284/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/80583511-05c2-4a97-af0e-375b20f2651f
Result
Threat name:
Unknown
Detection:
clean
Classification:
n/a
Score:
6 / 100
Link:
https://www.joesandbox.com/analysis/1163524
Behaviour
Behavior Graph:
n/a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/3de82b2ddaafc7205365b88a5033be0260b97946dfeb10372b9d4c1db7f59c22/
Threat name:
Win32.Spyware.Bobik
Create hunting rule
Status:
Malicious
First seen:
2023-02-01 18:23:05 UTC
File Type:
PE (Dll)
AV detection:
9 of 26 (34.62%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=hxucwlo2v7dsau3fxcffam56ajqls6kg37vranzltvgb3n7vtqra._file
Verdict:
malicious
Label(s):
qakbot
Create hunting rule
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/230201-w1fqmsbb95/
Behaviour
Suspicious use of WriteProcessMemory
Unpacked files
SH256 hash:
3de82b2ddaafc7205365b88a5033be0260b97946dfeb10372b9d4c1db7f59c22
MD5 hash:
fb7023aae56fff317f65c1e8663f6a0d
SHA1 hash:
27bcfb8e13b947d76eec119e61a3370915cc74c3
Link:
https://www.unpac.me/results/ab3aa411-c41f-47c5-9386-eb33a3875083/
Malware family:
QBot
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/3de82b2ddaaf/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.16
Link:
https://yomi.yoroi.company/submissions/3de82b2ddaafc7205365b88a5033be0260b97946dfeb10372b9d4c1db7f59c22

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/359222/

Comments