MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 713207d9d9875ec88d2f3a53377bf8c2d620147a4199eb183c13a7e957056432. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Quakbot


Vendor detections: 9



SHA256 hash: 713207d9d9875ec88d2f3a53377bf8c2d620147a4199eb183c13a7e957056432
SHA3-384 hash: fa01b08eb59144c080c4ac3e40a98fb9fe6f4c6e86c6a8d7dd29d93c76ec63380d6e5b2016e009399d673ea2274d8cbe
SHA1 hash: 775aade0dcb211dbcdb896e42fa8ce95752b9081
MD5 hash: eee61c02f9ea05a0ad6a43d513a37a1b
humanhash: golf-rugby-princess-ink
File name: 86607.dat
Signature: Quakbot
File size: 1'761'280 bytes
First seen: 2023-02-07 03:59:19 UTC
Last seen: 2023-02-07 05:31:49 UTC
File type: DLL
MIME type: application/x-dosexec
imphash: a3432b773266dde6a100dba767517009 (9 x Quakbot)
ssdeep: 24576:zrw3nPW3ednWPiT8VTBqcATV8KIyydLXGcq8z+0uaEYmgEJ/tc1:g3nCeCiT8aHxyM18z+XatEJ1
Threatray: 1'927 similar samples on MalwareBazaar
TLSH: T1F885AD1242CC129AF14D3B78243C1F7FD3BBB7A87B19634E9654B8A9AFAB7D34115600
TrID:
  37.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
  20.0% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
  12.7% (.EXE) Win64 Executable (generic) (10523/12/4)
  7.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
  6.1% (.EXE) Win16 NE executable (generic) (5038/12/1)
dhash icon: 0000000000000000 (872 x AgentTesla, 496 x Formbook, 296 x RedLineStealer)
Reporter: Anonymous
Tags: dll obama236 Qakbot qbot Quakbot


Anonymous
DLL for Qakbot (Qbot) seen on Friday 2023-02-03, distribution tag: obama236. Run method: rundll32.exe [filename],Wind

Intelligence


File Origin
# of uploads: 2
# of downloads: 274
Origin country: US
Vendor Threat Intelligence
Result
Verdict: Clean
Maliciousness:

Behaviour
Searching for the window
Sending a custom TCP request
Verdict: No Threat
Threat level: 2/10
Confidence: 60%
Tags: greyware packed shell32.dll
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Trojan.BotX
Status: Malicious
First seen: 2023-02-07 04:00:09 UTC
File Type: PE (Dll)
Extracted files: 4
AV detection: 13 of 39 (33.33%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SHA256 hash: 713207d9d9875ec88d2f3a53377bf8c2d620147a4199eb183c13a7e957056432
MD5 hash: eee61c02f9ea05a0ad6a43d513a37a1b
SHA1 hash: 775aade0dcb211dbcdb896e42fa8ce95752b9081
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
