MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5f919b98fe0692407761b9fbc869cfd47cecf3d7386ae340a16f04af4673c2ba. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Quakbot


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5f919b98fe0692407761b9fbc869cfd47cecf3d7386ae340a16f04af4673c2ba
SHA3-384 hash: 0d12d7df19b6b8ef953cdd0559948a9303ee5616718ebfe63abddc5023d8516f27fdf42663e61c191d96193c9adbaf41
SHA1 hash: 040aecd723be3d1660473cf075c641d80f3ea19e
MD5 hash: 37c3245c8ae6b76f1394210ed66af190
humanhash: uniform-video-finch-cola
File name:49911.dat.dll
Download: download sample
Signature Quakbot
Create hunting rule
File size:1'761'280 bytes
First seen:2023-02-03 14:38:46 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash a3432b773266dde6a100dba767517009 (9 x Quakbot)
ssdeep 24576:zrj3nPW3ednWPiT8VTBqcATV8KIyydLXGcq8z+0uaEYmgEJ/tc1:T3nCeCiT8aHxyM18z+XatEJ1
Threatray 3'040 similar samples on MalwareBazaar
TLSH T12785AD1242CC129AF14D3B78243C1F7FD3BBB7A87B19634E9654B8A9AFAB7D34115600
TrID 37.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
20.0% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
12.7% (.EXE) Win64 Executable (generic) (10523/12/4)
7.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
6.1% (.EXE) Win16 NE executable (generic) (5038/12/1)
File icon (PE):PE icon
dhash icon 0000000000000000 (872 x AgentTesla, 496 x Formbook, 296 x RedLineStealer)
Reporter James_inthe_box
Tags:dll Quakbot

Intelligence

File Origin
# of uploads :
1
# of downloads :
210
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/359945/
Result
Verdict:
Clean
Maliciousness:
Verdict:
No Threat
Threat level:
  2/10
Confidence:
100%
Tags:
greyware packed shell32.dll
Link:
https://www.filescan.io/uploads/63dd1c871c9cbf7d62559b75/reports/542dccf2-cbd1-45ac-a76c-24d203a0dc24/overview
Verdict:
Malicious
Link:
https://www.hybrid-analysis.com/sample/5f919b98fe0692407761b9fbc869cfd47cecf3d7386ae340a16f04af4673c2ba
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/07cffb4d-65cd-4039-b55b-e40cf0c6e978
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/1165173
Signature
Sigma detected: Execute DLL with spoofed extension
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 797949 Sample: 49911.dat.dll Startdate: 03/02/2023 Architecture: WINDOWS Score: 48 41 Sigma detected: Execute DLL with spoofed extension 2->41 8 loaddll32.exe 1 2->8         started        process3 process4 10 rundll32.exe 8->10         started        12 cmd.exe 1 8->12         started        14 rundll32.exe 8->14         started        16 7 other processes 8->16 process5 18 MpCmdRun.exe 10->18         started        20 WerFault.exe 9 10->20         started        22 rundll32.exe 12->22         started        24 WerFault.exe 20 9 14->24         started        27 WerFault.exe 9 16->27         started        29 WerFault.exe 16->29         started        31 WerFault.exe 16->31         started        33 2 other processes 16->33 dnsIp6 35 conhost.exe 18->35         started        37 WerFault.exe 5 9 22->37         started        39 192.168.2.1 unknown unknown 24->39 process7
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5f919b98fe0692407761b9fbc869cfd47cecf3d7386ae340a16f04af4673c2ba/
Threat name:
Win32.Trojan.BotX
Create hunting rule
Status:
Malicious
First seen:
2023-02-03 14:36:40 UTC
File Type:
PE (Dll)
Extracted files:
4
AV detection:
16 of 26 (61.54%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=l6izxgh6a2jea53bxh54q2op2r6oz46xhbvogqfbn4ck6rttyk5a._file
Verdict:
malicious
Label(s):
qakbot
Create hunting rule
Similar samples:
1b1a6b891687bea71774e3f1776b73fee79602f960eb9cae891ad2c5acb277cf
Quakbot
26a5c35034800e786a979358b4cd86cc15ddef9abdf711fd2d3cd38ba59ee4c2
Quakbot
284f0fabbdfc1172cb1cbf74473321668c4b31789d93158669f6735bec124817
Quakbot
2e698c8ff8399eaf27d2dda8fed11d151fcf4d723715468fe1dcc298ac32aa36
Quakbot
3de82b2ddaafc7205365b88a5033be0260b97946dfeb10372b9d4c1db7f59c22
Quakbot
57f86a03dcb2a9ebdd6d7184201cef6ba9d70f57aa524682857d4e7a27ec57ae
Quakbot
845900fb58adf3e8b086c9517dfc5deeaefb5e6be80606b8e93c21502d2fe44c
Quakbot
c259bf6cdeab63308fdcd798420eb4cc01505602210388a17d8b276112fd3956
Quakbot
cfef52c6925ba86878bf04f20ad3561de1f0bd0bec7a3719a677c397a29bd934
Quakbot
e0258e4d45a488bfa45356a5bc55080d7ecc273cd0c1cb7556960427fba9c23f
Quakbot
+ 3'030 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/230203-r1ageabc8t/
Behaviour
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SH256 hash:
5f919b98fe0692407761b9fbc869cfd47cecf3d7386ae340a16f04af4673c2ba
MD5 hash:
37c3245c8ae6b76f1394210ed66af190
SHA1 hash:
040aecd723be3d1660473cf075c641d80f3ea19e
Link:
https://www.unpac.me/results/8d97b707-8847-4060-a78a-2567cb9231f5/
Malware family:
QBot
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/5f919b98fe06/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/5f919b98fe0692407761b9fbc869cfd47cecf3d7386ae340a16f04af4673c2ba

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
Cape
Cape
https://www.capesandbox.com/analysis/359945/

Comments