MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 921600eb0acfef3f864f018616a6a5a8de6cd18ffedd36d3a649a71dc627aedc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Quakbot


Vendor detections: 3



SHA256 hash: 921600eb0acfef3f864f018616a6a5a8de6cd18ffedd36d3a649a71dc627aedc
SHA3-384 hash: 065d1416666acf92a68a9ccf6b2c377b67cace88f94a01b0adf49463669d552351f69df4aa437f2706bd9c22955630ca
SHA1 hash: d4921ce016bc0e1c992f6ffd4d89b401ce3c82b7
MD5 hash: 9135b35a4ef824c9318b2c49d0cbd96e
humanhash: lion-whiskey-colorado-single
File name: Contr785.zip
Signature: Quakbot
File size: 422'794 bytes
First seen: 2022-10-25 11:28:14 UTC
Last seen: Never
File type: zip
MIME type: application/zip
Note: This file is a password protected archive. The password is: PG1
ssdeep: 12288:WMZecybcIKd1PHiylLsUCmC/WY5bUZQ34:Bl6cNJHNLUL/qZQ34
TLSH: T1859423F15F12284E99A45970048EBA4D8F5265BF9ED51C9BDB8483D7F0B1B20F1CEA0E
TrID: 80.0% (.ZIP) ZIP compressed archive (4000/1); 20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter: pr0xylife
Tags: 1666691039 BB04 pw PG1 Qakbot Quakbot zip

Intelligence


File Origin
# of uploads: 1
# of downloads: 197
Origin country: n/a
File Archive Information

This file archive contains 3 file(s), sorted by their relevance:

File name: competitive.dat
File size: 745'472 bytes
SHA256 hash: 0ec25b0db6bd1466458d898121de430e110ff3bcb870afac634240de027ab43a
MD5 hash: 29e572000dd232365c4ce9566d220c9a
MIME type: application/x-dosexec
Signature: Quakbot

File name: greenery.cmd
File size: 615 bytes
SHA256 hash: 496a9788bcf096f47e9dc82c7e3a2c1d3d713247bb99c2a4f9d9cb4093a37ce9
MD5 hash: 62748e23ce2d9e3f2bdb1f4ad22d8517
MIME type: text/x-msdos-batch
Signature: Quakbot

File name: VV.lnk
File size: 1'769 bytes
SHA256 hash: 9484e3d6cceeb6851d2d65b8939df4c3ac0b078d915989d545b8368dbdcc76b3
MD5 hash: 6a1d4c9d6e0460cd4798b46e69c18db8
MIME type: application/octet-stream
Signature: Quakbot

Vendor Threat Intelligence
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:PassProtected_ZIP_ISO_file
Author:_jc
Description:Detects container formats commonly smuggled through password-protected zips

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments