MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 501f753fad0f590197b6edacf61c5f60237a2a7e1f414221cc5054195afa53c0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Quakbot


Vendor detections: 7



SHA256 hash: 501f753fad0f590197b6edacf61c5f60237a2a7e1f414221cc5054195afa53c0
SHA3-384 hash: b041004397eb0472cdcb8451e8a30e38e8c96ba46f0c06947618f68d10f0bf4b12f15d3d539e254ae2b4edab3274f2db
SHA1 hash: 8b58b430dfc59d7354e0e636ad4bd5ce20b193c9
MD5 hash: e5b5c2338a9b847633b479314977501b
humanhash: zulu-quebec-december-twelve
File name: buttoning.dll
Signature: Quakbot
File size: 1'217'344 bytes
First seen: 2022-12-20 18:34:05 UTC
Last seen: 2022-12-20 20:30:43 UTC
File type: DLL dll
MIME type: application/x-dosexec
imphash: 290cad5b94deff5e8979efae9fbf9af1 (4 x Quakbot)
ssdeep: 24576:lKbbqQlR990zhBs7tl+vJtzsJPwfwXR1F0yvc8NTmIg9EcjXdD:lKXqQx901gcDsJPwfwXfFxvFnQF
Threatray: 1'869 similar samples on MalwareBazaar
TLSH: T1B745E72BE20790FAC54337B30647A5DF3228A715C4347F6EAD9C0C58F736A41A96E267
TrID:
  32.2% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
  20.5% (.EXE) Win64 Executable (generic) (10523/12/4)
  12.8% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
  9.8% (.EXE) Win16 NE executable (generic) (5038/12/1)
  8.7% (.EXE) Win32 Executable (generic) (4505/5/1)
Reporter: proxylife
Tags: 1671543355 BB11 dll Qakbot Quakbot

Intelligence


File Origin
# of uploads: 2
# of downloads: 212
Origin country: UA
Vendor Threat Intelligence
Result
Verdict: Clean
Maliciousness:
Verdict: No Threat
Threat level: 2/10
Confidence: 100%
Tags: anti-debug anti-vm overlay packed

Result
Threat name: Unknown
Detection: clean
Classification: n/a
Score: 5 / 100
Behaviour
Behavior Graph: n/a
Threat name: Win32.Backdoor.Quakbot
Status: Malicious
First seen: 2022-12-20 18:35:08 UTC
File Type: PE (Dll)
AV detection: 8 of 26 (30.77%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SHA256 hash: 501f753fad0f590197b6edacf61c5f60237a2a7e1f414221cc5054195afa53c0
MD5 hash: e5b5c2338a9b847633b479314977501b
SHA1 hash: 8b58b430dfc59d7354e0e636ad4bd5ce20b193c9
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
