MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6f99171c95a8ed5d056eeb9234dbbee123a6f95f481ad0e0a966abd2844f0e1a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Quakbot

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	6f99171c95a8ed5d056eeb9234dbbee123a6f95f481ad0e0a966abd2844f0e1a
SHA3-384 hash:	f91c1c29da14574efa4ecb45a910baca42e1694c6288d505d6f6ab44f424cc64e35254432eb18e4868f6c5942cca10f9
SHA1 hash:	07a99718631d3244f984cf2c124e762f05f4f867
MD5 hash:	2be2cd393a9d7578131fe5eabb99783f
humanhash:	kentucky-ohio-failed-jersey
File name:	fd.dll
Download:	download sample
Signature	Quakbot Create hunting rule
File size:	313'224 bytes
First seen:	2023-02-17 10:44:22 UTC
Last seen:	Never
File type:	dll
MIME type:	application/x-dosexec
imphash	7be7a3567658ecc96c7ff1ad89521da5 (1 x Quakbot)
ssdeep	6144:kpM9pxmZSH9Zr2gHttAu1ly45YlZ4VHlE4dplW4BKlN4k1GGeH0IALPdpABjx62r:kp8xmZSH9Zr2gHttAu1ly45YlZ4VHlEo
Threatray	1'964 similar samples on MalwareBazaar
TLSH	T1A9647D17E10391B6C8573BB31A1B94EF3254E70180306F6EEEAC4D24F33A5219A7967B
TrID	37.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13) 20.0% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5) 12.7% (.EXE) Win64 Executable (generic) (10523/12/4) 7.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 6.1% (.EXE) Win16 NE executable (generic) (5038/12/1)
Reporter	pr0xylife
Tags:	1676480611 BB15 dll Qakbot Quakbot

Intelligence

File Origin

# of uploads :

1

# of downloads :

247

Origin country :

US

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/367624/

Result

Verdict:

Clean

Maliciousness:

Behaviour

Sending a custom TCP request

Verdict:

Suspicious

Threat level:

5/10

Confidence:

80%

Tags:

anti-debug anti-vm greyware overlay packed

Link:

https://www.filescan.io/uploads/63ef5ab2c7a082600e4666d3/reports/bb4f5a9a-d9b2-42d5-a3eb-076406203526/overview

Verdict:

Malicious

Labled as:

Win/malicious_confidence_60%

Link:

https://www.hybrid-analysis.com/sample/6f99171c95a8ed5d056eeb9234dbbee123a6f95f481ad0e0a966abd2844f0e1a

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/9a932080-dfa6-415a-ac99-c7db3f22b487

Result

Threat name:

Unknown

Detection:

clean

Classification:

n/a

Score:

6 / 100

Link:

https://www.joesandbox.com/analysis/1177858

Behaviour

Behavior Graph:

n/a

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/6f99171c95a8ed5d056eeb9234dbbee123a6f95f481ad0e0a966abd2844f0e1a/

Threat name:

Win32.Backdoor.Quakbot

Status:

Malicious

First seen:

2023-02-17 10:45:07 UTC

File Type:

PE (Dll)

Extracted files:

1

AV detection:

8 of 25 (32.00%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=n6mrohevvdwv2blo5ojdjw564er2n6k7jannbyfjm2v5fbcpbyna._file

Verdict:

malicious

Label(s):

qakbot

Similar samples:

402dc9f0deb84bc6a911e6a13a953a6049e9eb79203968ca5cb123b21dd349f4

5d139b4f25ad0cbc6e9a81573520519a70079581869f63fce35434e7b095a4b4

88fae62ee9c09b67123d42a4ddc9dce679e5508668b60d2a3d869578bc652ad8

e16e0faae0e9851a782d026f6692e34a9c7bae14c545aa8ac1e1ef033dfd06a8

e7e9e9ede8090e5bcf5ee8341f4540c21ace2e419b0d3a766c5e460313ca4328

+ 1'954 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/230217-mtds2aee6w/

Behaviour

Suspicious use of WriteProcessMemory

Unpacked files

SH256 hash:

6f99171c95a8ed5d056eeb9234dbbee123a6f95f481ad0e0a966abd2844f0e1a

MD5 hash:

2be2cd393a9d7578131fe5eabb99783f

SHA1 hash:

07a99718631d3244f984cf2c124e762f05f4f867

Link:

https://www.unpac.me/results/cf340dc1-e634-47f9-af25-a6ff97b160a5/

Malware family:

QBot

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/6f99171c95a8/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/6f99171c95a8ed5d056eeb9234dbbee123a6f95f481ad0e0a966abd2844f0e1a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

Cape

https://www.capesandbox.com/analysis/367624/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample