MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 440d84b5d539d7724898e4127df3d5f0d68cefb5bc14f09b13b2e657a3dc7a08. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Quakbot


Vendor detections: 3



SHA256 hash: 440d84b5d539d7724898e4127df3d5f0d68cefb5bc14f09b13b2e657a3dc7a08
SHA3-384 hash: d4a72159264a08bc4b346bf6f5ff6cb169f42032127f370421f3c588432386a0b4043d15d05d6dc6623226adb1a67eee
SHA1 hash: 14b4d220e5690a0ad54888be20b2572b1d640539
MD5 hash: d521ba26433b925fa65e84f6feb0e834
humanhash: delaware-mississippi-seventeen-butter
File name: Pdf7.zip
Signature: Quakbot
File size: 420'068 bytes
First seen: 2022-11-15 12:37:37 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:kDDFaeUjE6OueT5NUJ6PTRgsCmBmoPwTyytc8CqAEF5ircFsvI4DOnXDXznzsqjY:/wPedsfBhPqygz31KO3w/pwC
TLSH: T1E29423B773A5791A818085CF0FF196B763411086C607A207D7ACBAD3EDEC3A4CA66D47
TrID: 80.0% (.ZIP) ZIP compressed archive (4000/1)
TrID: 20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter: pr0xylife
Tags: 1668492308 BB06 pw-NG11 Qakbot Quakbot zip

Intelligence


File Origin
# of uploads: 1
# of downloads: 157
Origin country: IE

File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name: CVEL17.zip
File size: 419'898 bytes
SHA256 hash: ac7c1309673ad7a15d5764425e854a4e8606c2f946d17e7a4d3d8160af5ddfbe
MD5 hash: 533588ac7065340fde23cd1865c50085
MIME type: application/zip
Signature: Quakbot

Vendor Threat Intelligence

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These rules are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are displayed.

Rule name: PassProtected_ZIP_ISO_file
Author: _jc
Description: Detects container formats commonly smuggled through password-protected zips

File information


The table below shows additional information about this malware sample such as delivery method and external references.
