MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6aff6f1dabb7e1211a1c1726fb2ba8c0d67f580c4c4008a2082154246665f031. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Quakbot

Vendor detections: 10



SHA256 hash: 6aff6f1dabb7e1211a1c1726fb2ba8c0d67f580c4c4008a2082154246665f031
SHA3-384 hash: 15a78b14ac80a02d36c4443066199936fed781c0d7c3c276851a0856dd8e0676658dff6a2e98b02d3ac189b0ebd4decc
SHA1 hash: 8dc3fe2aed0f3a251b9efe6fa5522fee2b4605cd
MD5 hash: 4ccba1aae3e03bd8598b781ee11306dd
humanhash: eight-mobile-hawaii-nine
File name: pantries.asc
Signature Quakbot
File size: 598'016 bytes
First seen: 2022-10-18 14:53:05 UTC
Last seen: Never
File type: DLL dll
MIME type: application/x-dosexec
imphash f599b6f39c4199efc636d6c6956ca27a (5 x Quakbot)
ssdeep 12288:HZBs6eUwpkdFC7dStewcZWOcRzrXugaJJkPcpF:5+UwWFew2Drk
Threatray 1'551 similar samples on MalwareBazaar
TLSH T18BD4BF0095851DF1D18ED57FB97FEC9AC62922B5FF12678B35488258B5E23C1DF0270A
TrID 32.2% (.EXE) Win64 Executable (generic) (10523/12/4)
20.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
15.4% (.EXE) Win16 NE executable (generic) (5038/12/1)
13.7% (.EXE) Win32 Executable (generic) (4505/5/1)
6.2% (.EXE) OS/2 Executable (generic) (2029/13)
Reporter pr0xylife
Tags: dll obama214 Qakbot Quakbot

Intelligence
File Origin
# of uploads:
1
# of downloads:
279
Origin country:
n/a
Vendor Threat Intelligence
Result
Verdict:
Suspicious
Maliciousness:

Behaviour
Creating synchronization primitives
Launching a process
Searching for synchronization primitives
Modifying an executable file
Creating a window
Sending a custom TCP request
Unauthorized injection to a system process
Verdict:
Malicious
Threat level:
10/10
Confidence:
100%
Tags:
greyware
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name:
Win32.Backdoor.Quakbot
Status:
Malicious
First seen:
2022-10-18 13:46:52 UTC
File Type:
PE (Dll)
Extracted files:
1
AV detection:
22 of 26 (84.62%)
Threat level:
5/5
Result
Malware family:
Score:
10/10
Tags:
family:qakbot botnet:obama214 campaign:1666019778 banker stealer trojan
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of WriteProcessMemory
Qakbot/Qbot
Malware Config
C2 Extraction:
105.96.221.136:443
37.37.80.2:3389
105.154.56.232:995
41.107.116.19:443
105.103.52.189:443
159.192.204.135:443
41.107.58.251:443
177.152.65.142:443
102.47.218.41:443
176.45.35.243:443
70.173.248.13:443
102.159.77.134:995
220.123.29.76:443
82.12.196.197:443
103.156.237.71:443
149.126.159.254:443
176.44.119.153:443
181.56.171.3:995
190.205.229.67:2222
151.251.50.117:443
163.182.177.80:443
72.21.109.1:443
41.101.92.195:443
190.193.180.228:443
190.204.112.207:2222
41.97.56.102:443
41.69.209.76:443
190.78.89.157:993
206.1.216.19:2087
85.242.200.96:443
41.251.219.50:443
105.111.141.73:443
41.103.64.82:443
190.39.218.17:443
84.220.13.28:443
190.100.149.122:995
197.1.19.60:443
196.64.70.216:443
196.89.213.40:995
181.168.145.94:443
187.101.200.186:995
41.105.245.174:443
179.25.144.177:995
78.179.135.247:443
94.52.127.44:443
186.18.210.16:443
102.158.215.180:443
78.183.238.79:443
197.1.50.150:443
42.189.32.186:80
167.58.235.5:443
14.54.83.15:443
187.198.8.241:443
71.239.12.136:443
112.70.141.221:443
37.245.136.135:2222
88.232.10.69:443
41.98.250.65:443
82.205.9.34:443
196.64.239.75:443
37.8.68.1:443
197.1.248.244:443
197.2.139.7:443
79.45.134.162:22
182.183.211.163:995
154.246.14.94:443
144.86.17.168:443
182.185.29.69:995
160.177.47.116:6881
181.197.41.173:443
160.248.194.147:443
85.109.221.97:443
125.25.77.249:995
1.20.185.138:443
91.171.72.214:32100
197.10.195.7:443
45.160.33.163:443
202.170.206.61:995
96.9.66.118:995
132.251.244.227:443
113.188.13.246:443
78.181.39.116:443
1.53.101.75:443
197.202.173.111:443
31.201.40.194:443
197.116.178.224:443
79.155.159.177:443
181.188.164.123:443
156.221.50.226:995
41.251.15.7:990
45.240.140.233:995
102.188.91.158:995
189.243.187.76:443
179.105.182.216:995
196.65.230.248:995
181.141.3.126:443
128.234.26.174:995
78.161.194.147:443
78.101.177.210:443
86.217.167.235:2222
Unpacked files
SHA256 hash:
1d80f42feab51304ad3a065f001ac38bafde1c415e0d570459cff1e6a0b3ee8d
MD5 hash:
190ec61e2c41d3fced699b9b7384f738
SHA1 hash:
dca5becc339885f7707e08af9c369e56a8cad3af
SHA256 hash:
768d5ed6df473e9ee18e9503c1744b0aa6694ec5bcb021dca48abcd896821266
MD5 hash:
07a513157c45df4eb72ec50932573d12
SHA1 hash:
bb7116ff93550d2980a646d3bb56bb958ec7de9c
Detections:
Qakbot win_qakbot_auto
SHA256 hash:
6aff6f1dabb7e1211a1c1726fb2ba8c0d67f580c4c4008a2082154246665f031
MD5 hash:
4ccba1aae3e03bd8598b781ee11306dd
SHA1 hash:
8dc3fe2aed0f3a251b9efe6fa5522fee2b4605cd
Please note that we are no longer able to provide a coverage score for Virus Total.

File information
The table below shows additional information about this malware sample such as delivery method and external references.

Comments