MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 46e5f2266fd8afe94d4c447abe8a51d088e3f8a4ea5cf8b22ebc369416997984. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Quakbot


Vendor detections: 4



SHA256 hash: 46e5f2266fd8afe94d4c447abe8a51d088e3f8a4ea5cf8b22ebc369416997984
SHA3-384 hash: ee6ec3b590d9081048dbd5bbcd37b20ffe3b85daef3cb42a27a69d2eb231ac9add997d8ed33071e5ad5edc27efc139d8
SHA1 hash: 07dd59f7e81f3e752eac89b7504250ec57caea63
MD5 hash: 3f87a39ef6e5325b566df353d6faa667
humanhash: massachusetts-mike-snake-fanta
File name: XQs3E0aZ.dll
Signature Quakbot
File size: 548'352 bytes
First seen: 2022-01-31 14:44:17 UTC
Last seen: 2022-01-31 16:59:55 UTC
File type: DLL dll
MIME type: application/x-dosexec
imphash edc35d61ceebdfca301ba5422ad04ecc (4 x Quakbot, 2 x Matanbuchus, 1 x BelialDropper)
ssdeep 12288:R+CvUhJUun9nVn5uSKoseGqR2LTWEqeOkXtjEymnk:QO3Q5UHLTt3tjdm
Threatray 1 similar samples on MalwareBazaar
TLSH T1F8C48D2AF6D08437E2722A3D8C5B9254A8397E412D295C8D3BE42F8C5F39742376539F
dhash icon 399998ecd4d46c0e (572 x Quakbot, 137 x ArkeiStealer, 82 x GCleaner)
Reporter JAMESWT_WT
Tags: dll qbot Quakbot

Intelligence


File Origin
# of uploads: 2
# of downloads: 212
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Clean
Maliciousness:

Behaviour
Creating synchronization primitives
DNS request
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: control.exe greyware keylogger packed
Result
Verdict: UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 72 / 100
Behaviour
Behavior Graph: n/a
Threat name: Win32.Trojan.BunituCrypt
Status: Malicious
First seen: 2022-01-31 14:42:42 UTC
File Type: PE (Dll)
Extracted files: 40
AV detection: 23 of 28 (82.14%)
Threat level: 5/5
Result
Malware family: n/a
Score: 10/10
Tags: persistence
Behaviour
Checks processor information in registry
Enumerates system info in registry
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Sets service image path in registry
Suspicious use of NtCreateProcessExOtherParentProcess
Unpacked files
SHA256 hash: 46e5f2266fd8afe94d4c447abe8a51d088e3f8a4ea5cf8b22ebc369416997984
MD5 hash: 3f87a39ef6e5325b566df353d6faa667
SHA1 hash: 07dd59f7e81f3e752eac89b7504250ec57caea63
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
