MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 855e2d5dede5dc3c5a9aaeab8100284c84f3ffaf41a65c7d6514434d9e8c34a1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Quakbot


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 855e2d5dede5dc3c5a9aaeab8100284c84f3ffaf41a65c7d6514434d9e8c34a1
SHA3-384 hash: 4ccd49ee5eecff3e62251c86f31b68e599a02ee9dd609c0c21cc241a0decf50c2fa3935c29fd1a4dec8ea3ded5f57206
SHA1 hash: 96416398df6893a50dd2eede757279c368fa4b44
MD5 hash: 3318b6a0d3f9402962812395c61718dd
humanhash: fifteen-cardinal-triple-wisconsin
File name:jjkER9Z7sl68j.js
Download: download sample
Signature Quakbot
Create hunting rule
File size:350'757 bytes
First seen:2023-06-14 06:57:01 UTC
Last seen:Never
File type:Java Script (JS) js
MIME type:text/plain
ssdeep 6144:bSfr0dh2tgcH6YTkM0cNRcpZwg/EBQ+8N/ygD1pRbq0JrFnXxJ5OGhS:bSfrSh2tgcH6YTkMXRcpZwg/QQ+I/ygO
TLSH T1627444856A45E0F04237B37BDA179410FAAB1E5B11848932F97C605C2F3D8697EBBEC4
Reporter JAMESWT_WT
Tags:js Quakbot

Intelligence

File Origin
# of uploads :
1
# of downloads :
264
Origin country :
IT IT
Vendor Threat Intelligence
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/648964c92df0889bde9ff388/reports/f7ad95e1-7315-4459-8f23-6a6d0f95a470/overview
Verdict:
Suspicious
Labled as:
JS/Agent.QVM trojan
Link:
https://www.hybrid-analysis.com/sample/855e2d5dede5dc3c5a9aaeab8100284c84f3ffaf41a65c7d6514434d9e8c34a1
Result
Verdict:
UNKNOWN
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/855e2d5dede5dc3c5a9aaeab8100284c84f3ffaf41a65c7d6514434d9e8c34a1/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=qvpc2xpn4xodywu2v2vycabijscph75pigtfy7lfcrbu3humgsqq._file
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/230614-hqx1aaea7v/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Checks computer location settings
Blocklisted process makes network request
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/855e2d5dede5/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/855e2d5dede5dc3c5a9aaeab8100284c84f3ffaf41a65c7d6514434d9e8c34a1

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Quakbot

Java Script (JS) js 855e2d5dede5dc3c5a9aaeab8100284c84f3ffaf41a65c7d6514434d9e8c34a1

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2659402/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2659091/

Comments