MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 87c2c690b9a4ccd266848d48dcddec5f21472f30e1684066638c44e7f287e51f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Quakbot


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 87c2c690b9a4ccd266848d48dcddec5f21472f30e1684066638c44e7f287e51f
SHA3-384 hash: 54457d9f701209ebc0689ed5e4b840a89db3eb145af2c72f2f3033d9c0e51d5117daa045bd6bfc134238646a4cfd275c
SHA1 hash: ee8d354ce82e46eabc3fcd66487d7872fc4bae43
MD5 hash: 29fc7d472f309a711ebd7b4250ad5ee8
humanhash: bacon-muppet-summer-seventeen
File name:RfIsDFAgCoRK.js
Download: download sample
Signature Quakbot
Create hunting rule
File size:340'555 bytes
First seen:2023-06-14 07:45:19 UTC
Last seen:Never
File type:Java Script (JS) js
MIME type:text/plain
ssdeep 6144:bSfr0dh2tgcH6YTkM0cNRcpZwg/EBQ+8N/ygD1pRbwq2jwNxTlhS:bSfrSh2tgcH6YTkMXRcpZwg/QQ+I/ygC
TLSH T1A37431486A51E0F19237B33BCA565420FA6B1F5B2084C972B97C505D2F3D8297EB7EC8
Reporter JAMESWT_WT
Tags:js Quakbot

Intelligence

File Origin
# of uploads :
1
# of downloads :
291
Origin country :
IT IT
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.JS.Trojan.Cryxos.12665.12211.13511.UNOFFICIAL
Create hunting rule

Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/6489703e2df0889bde9ff618/reports/2cc99431-b3b8-45a7-9627-13be0387e718/overview
Verdict:
Malicious
Labled as:
Trojan.Cryxos.JS
Link:
https://www.hybrid-analysis.com/sample/87c2c690b9a4ccd266848d48dcddec5f21472f30e1684066638c44e7f287e51f
Result
Verdict:
MALICIOUS
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/87c2c690b9a4ccd266848d48dcddec5f21472f30e1684066638c44e7f287e51f/
Threat name:
Script-JS.Trojan.Cryxos
Create hunting rule
Status:
Malicious
First seen:
2023-06-13 21:22:26 UTC
File Type:
Text (HTML)
AV detection:
6 of 36 (16.67%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=q7bmnefzutgnezuervenzxpml4quolzq4fueaztdrrcop4uh4upq._file
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/230614-jlztraee83/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Checks computer location settings
Blocklisted process makes network request
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/87c2c690b9a4/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/87c2c690b9a4ccd266848d48dcddec5f21472f30e1684066638c44e7f287e51f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Quakbot

Java Script (JS) js 87c2c690b9a4ccd266848d48dcddec5f21472f30e1684066638c44e7f287e51f

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2659440/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2659398/
  
URLhaus
https://urlhaus.abuse.ch/url/2659999/
  
URLhaus
https://urlhaus.abuse.ch/url/2659310/
  
URLhaus
https://urlhaus.abuse.ch/url/2659216/

Comments