MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5bb4a3ccf4e566179ed6534df7f9e55315d79298b291126cf060df2f8ba9dd54. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Quakbot


Vendor detections: 3



SHA256 hash: 5bb4a3ccf4e566179ed6534df7f9e55315d79298b291126cf060df2f8ba9dd54
SHA3-384 hash: ce8e5d2b80f28d8a190f8eeb54cdf7808bbbf16544260ee95071f96344d362c666cbbb07f41eb242f049cddfcbc755b5
SHA1 hash: 34791ed77872a2b841517cda18312df4eeff7dcf
MD5 hash: d62b2ce4c2e5ad6ccaaafbd4ce4abc66
humanhash: timing-video-muppet-snake
File name: C429.zip
Signature: Quakbot
File size: 560'462 bytes
First seen: 2022-10-24 10:01:41 UTC
Last seen: Never
File type: zip
MIME type: application/zip
Note: This file is a password protected archive. The password is: PG1
ssdeep: 12288:CrT7ldvMDK5uASNSZ3bBMvB6TsYH6n38Y4p5fwxSovb6Sr0:qdLENShlnTsYH6nMY4pSvbY
TLSH: T129C42326B1D7027F00FEEFD98FFB85B937B51643788439C689D4B1BE05EA44A9661C08
TrID: 80.0% (.ZIP) ZIP compressed archive (4000/1)
TrID: 20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter: pr0xylife
Tags: 1666347556 BB04 pw PG1 Qakbot Quakbot zip

Intelligence


File Origin
# of uploads: 1
# of downloads: 175
Origin country: n/a

File Archive Information

This file archive contains 5 file(s), sorted by their relevance:

File name: Copy.lnk
File size: 1'785 bytes
SHA256 hash: 13914b2f92f390b9cfa650b6dbf1f66be54454f9dc068590665d2f6ac42ae108
MD5 hash: c69d633f825e5b1de7ed6d7fbd77c76f
MIME type: application/octet-stream
Signature: Quakbot

File name: unterraced.png
File size: 31'744 bytes
SHA256 hash: 7cd313ecc1ce673ad263c5eaf8d3617a5fa44f545650f6252778b3c4877e8ee5
MD5 hash: 182de3a0dad1362a545f78406f817090
MIME type: image/png
Signature: Quakbot

File name: horsemen.txt
File size: 293'316 bytes
SHA256 hash: dc735419988e6f09a5e4ff77881237271b1e9d28f269691b5a023fef86ea4180
MD5 hash: 6abe184edd972c6d11ed30bfba74c980
MIME type: text/plain
Signature: Quakbot

File name: face.dat
File size: 837'040 bytes
SHA256 hash: 4df936e24707cbb9332c99488a20f5fa0f9e0ac5cc3a2ea4d509f3539ea79200
MD5 hash: 07b748d062dc0cb4d510d5178a73c7bd
MIME type: application/x-dosexec
Signature: Quakbot

File name: summoner.cmd
File size: 492 bytes
SHA256 hash: c5918e8a79bccd6183ac7144eb002611afbe15bd1a87b5737bfacf0ed8bbf57b
MD5 hash: 70fabe77f76c63e9348b0e4c5d2eb495
MIME type: text/x-msdos-batch
Signature: Quakbot

Vendor Threat Intelligence
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These rules are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are displayed.

Rule name: meth_get_eip
Author: Willi Ballenthin

Rule name: meth_stackstrings
Author: Willi Ballenthin

Rule name: PassProtected_ZIP_ISO_file
Author: _jc
Description: Detects container formats commonly smuggled through password-protected zips

Rule name: QakBot
Author: kevoreilly
Description: QakBot Payload

Rule name: unpacked_qbot
Description: Detects unpacked or memory-dumped QBot samples

Rule name: win_qakbot_auto
Author: Felix Bilstein - yara-signator at cocacoding dot com
Description: Detects win.qakbot.

Rule name: win_qakbot_malped
Author: Felix Bilstein - yara-signator at cocacoding dot com
Description: Detects win.qakbot.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
