MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7dd17b8cb0639732fe6929a5d7e1431fedae58acd401a7810afc0be8f9c42ad0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Quakbot

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	7dd17b8cb0639732fe6929a5d7e1431fedae58acd401a7810afc0be8f9c42ad0
SHA3-384 hash:	4234ca8eba2ee6d423d931a9d9c2c1e7b1dd34a9cfddfdbf6ec9cc6f059dac09c51361682b629197bf2138ec09c02f77
SHA1 hash:	84c9e4a54e28266aaf75534f1c9fa290e36a9d9a
MD5 hash:	03e1996dbae2c69e8526a3d2d4855bc4
humanhash:	crazy-kilo-fillet-spring
File name:	09.gif
Download:	download sample
Signature	Quakbot Create hunting rule
File size:	531'996 bytes
First seen:	2023-02-13 16:27:15 UTC
Last seen:	2023-02-13 18:28:55 UTC
File type:	dll
MIME type:	application/x-dosexec
imphash	5684749ec732d84594f077726c28f1da (3 x Quakbot)
ssdeep	12288:XPkOXczzPUMZClzjzbumfoEG1Tn2AK2Y0yC7+:XOnfClzjnum/G1TnVek
Threatray	4'523 similar samples on MalwareBazaar
TLSH	T17BB45C6FEE0240FAEE07A8FAC547F7EF4E6813328974DCF2C69D6D19B8842641219715
TrID	32.2% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5) 20.5% (.EXE) Win64 Executable (generic) (10523/12/4) 12.8% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 9.8% (.EXE) Win16 NE executable (generic) (5038/12/1) 8.7% (.EXE) Win32 Executable (generic) (4505/5/1)
Reporter	proxylife
Tags:	1676282502 BB15 dll Qakbot Quakbot

Intelligence

File Origin

# of uploads :

2

# of downloads :

254

Origin country :

DE

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/365178/

Detection(s):

SecuriteInfo.com.Win32.Evo-gen.21621.12184.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Searching for the window

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

anti-debug overlay packed

Link:

https://www.filescan.io/uploads/63ea651391b0e663e8f663cc/reports/00805d1f-07e1-4216-9d19-4885555c0a21/overview

Verdict:

Malicious

Labled as:

Win/malicious_confidence_60%

Link:

https://www.hybrid-analysis.com/sample/7dd17b8cb0639732fe6929a5d7e1431fedae58acd401a7810afc0be8f9c42ad0

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/69b862ff-57c7-4963-9556-a1685a977b80

Result

Threat name:

Unknown

Detection:

clean

Classification:

n/a

Score:

6 / 100

Link:

https://www.joesandbox.com/analysis/1173559

Behaviour

Behavior Graph:

n/a

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/7dd17b8cb0639732fe6929a5d7e1431fedae58acd401a7810afc0be8f9c42ad0/

Threat name:

Win32.Backdoor.Quakbot

Status:

Malicious

First seen:

2023-02-13 16:28:06 UTC

File Type:

PE (Dll)

AV detection:

11 of 26 (42.31%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=pxixxdfqmoltf7tjfgs5pykdd7w24wfm2qa2paik7qf6r6oeflia._file

Verdict:

malicious

Label(s):

qakbot

Similar samples:

057a01850c142230544710ea363b2af54cd5ddbf299a103e10e9d3cbbee6f021

4506cd463975098bdcad837059aefb8bfee00200e1eae25c6ebfaff14f564f2c

70d8f263a41bc7606968ed192e027338c7ff63a1dc80675b039cfac2861bcebc

cb1f3849fd8c7ed11de44087378ef7fb4a4f060ed7d5222d044a12d07c1c4fff

cc97293401b033700c6ca626147931a8955262cf4203c0ecfa80a9d7d4b572d6

df7d37e6f80a6c6523fce69a2379639aa599662aa9c59cba57159c6328b8728b

e1f670924bf0dac3e239d0acb5d9cc8fc83c9d8f927dbf758ad01a0bdffdbe63

f89369a40c56332a7dcdd526491216f9125697221b9655c0dfb7a418e183b496

+ 4'513 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/230213-tym1tsdh4v/

Behaviour

Suspicious use of WriteProcessMemory

Program crash

Unpacked files

SH256 hash:

7dd17b8cb0639732fe6929a5d7e1431fedae58acd401a7810afc0be8f9c42ad0

MD5 hash:

03e1996dbae2c69e8526a3d2d4855bc4

SHA1 hash:

84c9e4a54e28266aaf75534f1c9fa290e36a9d9a

Link:

https://www.unpac.me/results/daf0bdf8-0753-44fc-b7d1-989d002230c3/

Malware family:

QBot

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/7dd17b8cb063/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/7dd17b8cb0639732fe6929a5d7e1431fedae58acd401a7810afc0be8f9c42ad0

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

Cape

https://www.capesandbox.com/analysis/365178/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample