MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4079d54f5c4100ef3682a39477a9213c6a47df60263adc8b6e40cf76a22981bc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Quakbot


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4079d54f5c4100ef3682a39477a9213c6a47df60263adc8b6e40cf76a22981bc
SHA3-384 hash: 7070e59227d7a7c79c42128a938e7b70aea498c879ca9b1c6c8c326df7ce03876ea76a9c728b3e8d451312daf17a3066
SHA1 hash: a0a3777830e2056bc5eb5d87c0e1001bf6850229
MD5 hash: 7ae4578c1c84194a31ec37bcd8b59925
humanhash: fruit-equal-tango-carolina
File name:7ae4578c1c84194a31ec37bcd8b59925.dll
Download: download sample
Signature Quakbot
Create hunting rule
File size:861'371 bytes
First seen:2021-04-15 15:00:55 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
ssdeep 12288:NJFPIxFwurnmBHqSppmWsApnZc0Bj0kxhgjR3xhGwQ9UzMZuJqWUe1qAT2BhHTE:NvUmuTOq0mWsw5m04Rej8AuJ31g8
Threatray 2 similar samples on MalwareBazaar
TLSH 28055A36F193C437D4333A7CDE6B91A8A8267E121D38A45A7BE40E0C5F3D681392D6D6
Reporter abuse_ch
Tags:dll Quakbot

Intelligence

File Origin
# of uploads :
1
# of downloads :
87
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Malware.Midie-9852010-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a UDP request
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4079d54f5c4100ef3682a39477a9213c6a47df60263adc8b6e40cf76a22981bc/
Threat name:
Win32.Backdoor.Quakbot
Create hunting rule
Status:
Malicious
First seen:
2021-04-14 01:50:23 UTC
AV detection:
8 of 29 (27.59%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ib45kt24ieao6nucuokhpkjbhrvepx3aey5nzc3oidhxnirjqg6a._file
Verdict:
suspicious
Similar samples:
1b5b729d7d3c954efe6f4c43c2f70d130d7305b073b851bfb119c6c84a473599
Quakbot
2c94a7e8ffd221e0d563d8ccc9252b70cea56388ebd9b4441f9a728fa4020507
Quakbot
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210415-jw33t4phwn/
Behaviour
Suspicious use of WriteProcessMemory
Unpacked files
SH256 hash:
4079d54f5c4100ef3682a39477a9213c6a47df60263adc8b6e40cf76a22981bc
MD5 hash:
7ae4578c1c84194a31ec37bcd8b59925
SHA1 hash:
a0a3777830e2056bc5eb5d87c0e1001bf6850229
Link:
https://www.unpac.me/results/37e4c37d-4322-4cd8-b48c-f5b433c076ca/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trojan
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/4079d54f5c4100ef3682a39477a9213c6a47df60263adc8b6e40cf76a22981bc

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Quakbot

DLL dll 4079d54f5c4100ef3682a39477a9213c6a47df60263adc8b6e40cf76a22981bc

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1102799/
  
Delivery method
Distributed via web download

Comments