MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 58f1e98f2ea3934a6f3a4669f3f802f3f140972f97ef36bad032023faddc47cd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Quakbot


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 58f1e98f2ea3934a6f3a4669f3f802f3f140972f97ef36bad032023faddc47cd
SHA3-384 hash: a4542a6e379a3386aa8b993db50e7668a8a2a2691629b1c118fb3442c165f8f71e51cbdfb4e0f3b5c52f381f8cbbf0f5
SHA1 hash: 78973fa1c937b3040203e1749e3d34b2ef49333b
MD5 hash: 4f4a40177ea3993675f8b8d2c10d0cd8
humanhash: nine-magnesium-yellow-ceiling
File name:Complaint_233.zip
Download: download sample
Signature Quakbot
Create hunting rule
File size:128'630 bytes
First seen:2020-08-11 13:50:32 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 3072:F6cenUvN8jiMRwPIqRGbnl/iwrM0UrmH0EnAO9Hm70B:gsvN8Hnp/iwrH0KR9Hm70B
TLSH D6C3124CF576EB5394E6B66F1C9131141233FAAE2783710CCA44FE8194A8CEB3A6715B
Reporter abuse_ch
Tags:Quakbot spx152 zip


Avatar
abuse_ch
Malspam distributing Quakbot:

HELO: premium75-2.web-hosting.com
Sending IP: 198.187.31.225
From: <anum@tesla-pv.com>
Subject: Re: A Biblical Option to Rising Healthcare Costs
Attachment: Complaint_233.zip (contains "Complaint_233.doc")

Quakbot payload URL:
http://denibhelpme.com/pncciwm/1597161079.png

Intelligence

File Origin
# of uploads :
1
# of downloads :
60
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Doc.Downloader.Generic-8011192-0
Create hunting rule

Sanesecurity.Malware.24682.OffHeur.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/58f1e98f2ea3934a6f3a4669f3f802f3f140972f97ef36bad032023faddc47cd/
Threat name:
Script-Macro.Downloader.Obfuser
Create hunting rule
Status:
Malicious
First seen:
2020-08-11 13:52:06 UTC
AV detection:
17 of 29 (58.62%)
Threat level:
  3/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ldy6tdzouojuu3z2izu7h6ac6pyubfzps7xtnowqgibd7lo4i7gq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/58f1e98f2ea3934a6f3a4669f3f802f3f140972f97ef36bad032023faddc47cd

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Quakbot

zip 58f1e98f2ea3934a6f3a4669f3f802f3f140972f97ef36bad032023faddc47cd

(this sample)

Quakbot

Executable exe 99f851b8bb921318568a9c87ef39bc353c0e3c9af67a8f5078e957f4bb046491

Quakbot

Word file doc 39cd9bd6d501184b00f48c1fd162acf2e513d3b46a391fc56dfaaa2abbc1b9e4

  
URLhaus
https://urlhaus.abuse.ch/url/429360/
  
Dropping
MD5 7aa83b9568c48e952c104b8837b6b961
  
Dropping
Quakbot
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 39cd9bd6d501184b00f48c1fd162acf2e513d3b46a391fc56dfaaa2abbc1b9e4

Comments