MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 784a2827b5ddc82e69198aa9f6a5382c32716eb0263bc2a4f6fc500589c8a3ef. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Quakbot

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	784a2827b5ddc82e69198aa9f6a5382c32716eb0263bc2a4f6fc500589c8a3ef
SHA3-384 hash:	4aca69a9a5143311bb3420e96c295374a583d4c62fdd89e763175f78b71e3708f36f441956b603afe8cea6695095ac97
SHA1 hash:	bce43420d7bcf48ca3f99707feea8e55d454195b
MD5 hash:	9f6ec22b24f100366d83dfe499e5bd3e
humanhash:	princess-berlin-undress-gee
File name:	Contract.sm
Download:	download sample
Signature	Quakbot Create hunting rule
File size:	528'384 bytes
First seen:	2022-12-22 16:22:01 UTC
Last seen:	Never
File type:	dll
MIME type:	application/x-dosexec
imphash	d0ce5a8d5d0f4fa36cbdd8035bad1ebc (4 x Quakbot)
ssdeep	6144:wiIqnct7uycRpLrFPQleGc2BpeQvfTiD3MJIyFX+OwjzK9y9KOc6rXPMATcBu:wihnctArBgRprvbiIIAuz19nTMAgc
Threatray	1'872 similar samples on MalwareBazaar
TLSH	T1A1B4D021B1E39175EC9742B0211D5F3EEFFC7A20867798974F9804C12F249A2EB3665B
TrID	31.0% (.EXE) InstallShield setup (43053/19/16) 22.5% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13) 11.9% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5) 9.4% (.SCR) Windows screen saver (13097/50/3) 7.5% (.EXE) Win64 Executable (generic) (10523/12/4)
Reporter	pr0xylife
Tags:	1671633144 azd dll Qakbot Quakbot

Intelligence

File Origin

# of uploads :

1

# of downloads :

227

Origin country :

RU

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/349096/

Detection(s):

SecuriteInfo.com.Trojan.Win32.Seheq.rfn.13251.28002.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Verdict:

No Threat

Threat level:

2/10

Confidence:

100%

Tags:

greyware packed

Link:

https://www.filescan.io/uploads/63a4842e031629092a339f1e/reports/d6d35009-dffa-4b58-a69b-2e1a40bc16a6/overview

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/e43e7196-1776-45b4-aa99-e5ed48e38fa0

Result

Threat name:

Unknown

Detection:

clean

Classification:

n/a

Score:

6 / 100

Link:

https://www.joesandbox.com/analysis/1139473

Behaviour

Behavior Graph:

n/a

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/784a2827b5ddc82e69198aa9f6a5382c32716eb0263bc2a4f6fc500589c8a3ef/

Threat name:

Win32.Backdoor.Quakbot

Status:

Malicious

First seen:

2022-12-22 16:22:08 UTC

File Type:

PE (Dll)

AV detection:

7 of 26 (26.92%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=pbfcqj5v3xec42izrku7njjyfqzhc3vqey54fjhw7rialcoiupxq._file

Verdict:

malicious

Label(s):

qakbot

Similar samples:

22c5d9c52f3e9e072e384cc2963a7a453225c2ed7f26f60d0fb043c77f0c4079

26975798246161199b20263f3793e1c6d56299c0a881c6dfcd4bc9b753b75212

30ba48c675fe81437d78a25384a4c07e357577a58fe63cea022f0847e61e71b1

329732f00e782c5c2512f83db2d07c4b26364298cde645f4fd7adca2f27c00bd

4a6fa75896f4dca8e3ad9c5024037b10b61bd4a723819aaf0ea941f37a763411

88f2ca8f56c76d8689ec1738a23beb4ca30f43a3def3472de430f895805e7e48

96d2f4131542e1b4a6e9bba0bf3807008cb8340e7d247b464fdbebe11031d9e2

c2818a0dde04b70ce0f01342df88b2d01c2ab0fced4e94fdc1254bf505325bf6

ce81b2ab0a243fe8e85a249b0f425007d858d7e9cc7e65af5d2f9e68efb5e5d0

+ 1'862 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/221222-tt757shh7t/

Behaviour

Suspicious use of WriteProcessMemory

Program crash

Unpacked files

SH256 hash:

784a2827b5ddc82e69198aa9f6a5382c32716eb0263bc2a4f6fc500589c8a3ef

MD5 hash:

9f6ec22b24f100366d83dfe499e5bd3e

SHA1 hash:

bce43420d7bcf48ca3f99707feea8e55d454195b

Link:

https://www.unpac.me/results/0631c3d2-e3fd-483f-ba22-754c09b598a8/

Malware family:

QBot

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/784a2827b5dd/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.16

Link:

https://yomi.yoroi.company/submissions/784a2827b5ddc82e69198aa9f6a5382c32716eb0263bc2a4f6fc500589c8a3ef

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

Cape

https://www.capesandbox.com/analysis/349096/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample