MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 728bcd02acf56c02310829a70f67bc3bc43066957c83a22ea2f5ff990d953d51. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Quakbot


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 728bcd02acf56c02310829a70f67bc3bc43066957c83a22ea2f5ff990d953d51
SHA3-384 hash: 319d059cc11bbcca1d16c7b3fdf965dda8122f272ca30805adf1a5e385ec4d2dfab22aa8a77499f5eddf102eade82492
SHA1 hash: abccff7bbf5d7fa497128fc75716dfcf6114a8a0
MD5 hash: 3f4256b36bba092b319acae122670681
humanhash: alabama-hamper-lactose-sierra
File name:cyclic.dat
Download: download sample
Signature Quakbot
Create hunting rule
File size:432'640 bytes
First seen:2022-10-27 19:17:51 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash fae84ade86333bc16f134b64e603e945 (8 x Quakbot)
ssdeep 12288:eqdD/sblafl4M/8toGXJZ6diNjKo8Ywr6t57AKC:eqdclafl4eGXuiN58Ye6c
Threatray 1'899 similar samples on MalwareBazaar
TLSH T14594E040F4A3DFF2D1BD183800B6A3631B2956260B26C9FB53848B267E747D15B39776
TrID 32.2% (.EXE) Win64 Executable (generic) (10523/12/4)
20.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
15.4% (.EXE) Win16 NE executable (generic) (5038/12/1)
13.7% (.EXE) Win32 Executable (generic) (4505/5/1)
6.2% (.EXE) OS/2 Executable (generic) (2029/13)
Reporter zalksec_sec
Tags:dll Qakbot Quakbot

Intelligence

File Origin
# of uploads :
1
# of downloads :
246
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/325110/
Detection(s):
SecuriteInfo.com.Win32.BotX-gen.16250.15346.UNOFFICIAL
Create hunting rule

Result
Verdict:
Suspicious
Maliciousness:

Behaviour
Sending a custom TCP request
Сreating synchronization primitives
Launching a process
Searching for synchronization primitives
Modifying an executable file
Creating a window
Unauthorized injection to a system process
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Qakbot
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/36db0b01-3186-4009-96f3-6713a8d57173
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/728bcd02acf56c02310829a70f67bc3bc43066957c83a22ea2f5ff990d953d51/
Threat name:
Win32.Trojan.KBot
Create hunting rule
Status:
Malicious
First seen:
2022-10-27 21:26:32 UTC
File Type:
PE (Dll)
Extracted files:
1
AV detection:
19 of 41 (46.34%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=okf42avm6vwaemiifgtq6z54hpcdazuvpsb2elvc6x7zsdmvhviq._file
Verdict:
malicious
Label(s):
qakbot
Create hunting rule
Similar samples:
08a3ee112e83691b3fe016b8c35450901f188a789c0203e5fe453c1172109c03
Quakbot
540033fa84f80fb1e31c73139d2a043790a980191c5c5e4416bcfa51d4394a4f
Quakbot
62b5cb0be9e42ed5628cf0bcbc7a159ac89668933c887796d2201e5eb4c2ca76
Quakbot
9bea9743ed86d925f88d75077ef37b3a4a6a652bbdd2f0e516efdfbb94fb5e06
Quakbot
aa8fbf0411339a0acce09cebab6aea8ed00ceaec76fd92f304ee41c09a9372a4
Quakbot
dae5768e9a2f692512613af462d3ea8d96ce9f38eee1c06ddc52cde8dec2e0a2
Quakbot
e248f7a1cbd369a2111834664fa805b489c8610e0d9b7fa506c3a1fc882dd331
Quakbot
+ 1'889 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/221027-xzx4zadccm/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of WriteProcessMemory
Unpacked files
SH256 hash:
563be174a9a6d5aee2b6b4f58bcc62c597ff491ebce308fc832678e85bd6f9a7
MD5 hash:
45d15630e5c0c6995a95265697d0c244
SHA1 hash:
7ac21328c5ba62ef50956f1949ae1344bb25554e
Detections:
Qakbot
Create hunting rule
win_qakbot_auto
Create hunting rule
Link:
https://www.unpac.me/results/4406aa81-58d1-4541-bf48-73b823499d74/
Parent samples :
728bcd02acf56c02310829a70f67bc3bc43066957c83a22ea2f5ff990d953d51
540033fa84f80fb1e31c73139d2a043790a980191c5c5e4416bcfa51d4394a4f
SH256 hash:
728bcd02acf56c02310829a70f67bc3bc43066957c83a22ea2f5ff990d953d51
MD5 hash:
3f4256b36bba092b319acae122670681
SHA1 hash:
abccff7bbf5d7fa497128fc75716dfcf6114a8a0
Link:
https://www.unpac.me/results/4406aa81-58d1-4541-bf48-73b823499d74/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/728bcd02acf56c02310829a70f67bc3bc43066957c83a22ea2f5ff990d953d51

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Distributed via e-mail link
Cape
Cape
https://www.capesandbox.com/analysis/325110/

Comments