MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 81f4632d38ca8f83521afa08b8f52e07bf85921108839cce0a652d1c80391022. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Vendor detections: 2


SHA256 hash: 81f4632d38ca8f83521afa08b8f52e07bf85921108839cce0a652d1c80391022
SHA3-384 hash: b5f67109e90fdb60d8c46aa487656022c9f7f38159602ff5205d5951a3ec04fe13752a1f86f7200fdd9dc1bebdfa3343
SHA1 hash: 24c1ba3b12773b15759294837e174651a64caa0d
MD5 hash: 42d8475afafb1ec2b0068f921cce0cd3
humanhash: sierra-thirteen-hydrogen-stream
Signature: Quakbot
File size: 1'192 bytes
First seen: 2022-09-12 16:27:42 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep 24:wTE+6nzwPLPZMF7XtzNbJgxSCYCCHAyhS2QMeE7zxp1eSQ:6E3nzwPlMF7VRMVy66zo
TLSH T1F5213336C1DD00DAE98EF4F4B04794110FB5AB27AACE39C70F10E5207B71135A6205A3
TrID 80.0% (.ZIP) ZIP compressed archive (4000/1)
20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter: @pr0xylife
Tags: BB Qakbot Quakbot zip


Mail intelligence
No data

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as Malpedia. These rules are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:WHITE rules are displayed.

Rule name: SUSP_ZIP_LNK_PhishAttachment
Description: Detects suspicious tiny ZIP files with malicious lnk files
Reference: Internal Research

Rule name: SUSP_ZIP_LNK_PhishAttachment_Pattern_Jun22_1
Author: Florian Roth
Description: Detects suspicious tiny ZIP files with phishing attachment characteristics
Reference: Internal Research

File information

The table below shows additional information about this malware sample such as delivery method and external references.


proxylife commented on 2022-09-12 16:28:59 UTC

pw U4613