MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7a59ead9d0a1d3217125510152aa887e9ebeee440f4e8dd1dc2300cdd2bc84b1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Quakbot


Vendor detections: 4



SHA256 hash: 7a59ead9d0a1d3217125510152aa887e9ebeee440f4e8dd1dc2300cdd2bc84b1
SHA3-384 hash: 5681de66231a3df46742e511ba01d40eaac6051626fd28290d84e183a59e6d660e018665d0d676f94147e119fffeb145
SHA1 hash: 8742eea4bc34e6665360d73ce182b1d7ce475804
MD5 hash: 6cb8066608da3e38e7497c3a038c632c
humanhash: moon-artist-nebraska-jersey
File name: fnorefer.dll
Signature: Quakbot
File size: 548'352 bytes
First seen: 2022-01-31 14:50:58 UTC
Last seen: 2022-01-31 16:59:52 UTC
File type: DLL dll
MIME type: application/x-dosexec
imphash: edc35d61ceebdfca301ba5422ad04ecc (4 x Quakbot, 2 x Matanbuchus, 1 x BelialDropper)
ssdeep: 12288:R+CvUhJUun9nVn5uSKoseGqR2LT8EqeOkXtjEymnk:QO3Q5UHLTX3tjdm
Threatray: 2 similar samples on MalwareBazaar
TLSH: T187C48D2AF6D08437E2722A3D8C5B9254A8397E412D295C8D3BE42F8C5F39742376539F
File icon (PE): PE icon
dhash icon: 399998ecd4d46c0e (572 x Quakbot, 137 x ArkeiStealer, 82 x GCleaner)
Reporter: JAMESWT_WT
Tags: dll qbot Quakbot

Intelligence


File Origin
# of uploads: 2
# of downloads: 214
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Clean
Maliciousness:

Behaviour
Creating synchronization primitives
DNS request
Sending a custom TCP request
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: control.exe greyware keylogger packed
Result
Verdict: UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 72 / 100
Behaviour
Behavior Graph: n/a
Threat name: Win32.Trojan.Qshell
Status: Malicious
First seen: 2022-01-31 14:51:11 UTC
File Type: PE (Dll)
Extracted files: 40
AV detection: 10 of 43 (23.26%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Unpacked files
SHA256 hash: 7a59ead9d0a1d3217125510152aa887e9ebeee440f4e8dd1dc2300cdd2bc84b1
MD5 hash: 6cb8066608da3e38e7497c3a038c632c
SHA1 hash: 8742eea4bc34e6665360d73ce182b1d7ce475804
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
