MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8b3e9548cfa45ea0e5ad154e3480b817a74b46dc7326b05fce343254002b2712. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Quakbot


Vendor detections: 7



SHA256 hash: 8b3e9548cfa45ea0e5ad154e3480b817a74b46dc7326b05fce343254002b2712
SHA3-384 hash: b24e53116ebceb4c676c1ec0f00d178ab6618c3723c6eca5770106a99fb4d9e0635f0703f8e99c9667814a5376b6c1d9
SHA1 hash: 4df25abe1168f677aa0a82c8cdb8ac9d6fb143e0
MD5 hash: e43fbdaf328e7389ff2362408d3dad06
humanhash: yellow-arizona-social-mango
File name: 10000000.desktop.dat
Signature: Quakbot
File size: 3'477'504 bytes
First seen: 2020-07-23 13:29:55 UTC
Last seen: Never
File type: DLL
MIME type: application/x-dosexec
imphash: baa93d47220682c04d92f7797d9224ce (139 x RiseProStealer, 26 x Xtrat, 18 x CoinMiner)
ssdeep: 49152:lByIBTsuO67qz4ibbnEBEni0E3pSnhVgzSajhDUNcPE:lMICV67q8iPnEBEi0oSOh9DU6PE
Threatray: 19 similar samples on MalwareBazaar
TLSH: 98F56C52F90572DFE48A2E748577CD859A9E43B84B2508C3F85CB6B9BD33CC116B6C28
Reporter: James_inthe_box
Tags: dat Quakbot

Intelligence


File Origin
# of uploads: 1
# of downloads: 94
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Clean
Maliciousness:

Behaviour
Launching the default Windows debugger (dwwin.exe)

Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 56 / 100
Behaviour
Behavior Graph:
Behavior Graph ID: 250501
Sample: 10000000.desktop.dat
Startdate: 23/07/2020
Architecture: WINDOWS
Score: 56
Signatures: Multi AV Scanner detection for submitted file; Machine Learning detection for sample; PE file contains section with special chars
Process tree: loaddll32.exe started three rundll32.exe instances and 9 other processes; these in turn started WerFault.exe instances.

Threat name: Win32.Trojan.NukeSped
Status: Malicious
First seen: 2020-07-23 13:28:15 UTC
File Type: PE (Dll)
Extracted files: 2
AV detection: 22 of 29 (75.86%)
Threat level: 5/5

Result
Malware family:
Score: 10/10
Tags: family:qakbot
Behaviour
JavaScript code in executable
Qakbot family
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method: Other
