MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 997c73e9f09586d43bc539917465979ef9b121678be33846412ef3fb550ebdaa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Quakbot
Vendor detections: 8
| SHA256 hash: | 997c73e9f09586d43bc539917465979ef9b121678be33846412ef3fb550ebdaa |
|---|---|
| SHA3-384 hash: | 53ef924ff36f4eb1cc9aabdf9c17de18eaed7ce4fb38792e0bb34f035c61198b3648dd2fc1dae75f8bb564466746f295 |
| SHA1 hash: | 4cc92c3f60df03ef6e2fcfc39453de343e81b661 |
| MD5 hash: | f6cf8d0dc990f0e73ca71bb91c68e35f |
| humanhash: | fix-foxtrot-blue-comet |
| File name: | 7162256.dat |
| Signature | Quakbot |
| File size: | 924'672 bytes |
| First seen: | 2022-03-15 13:09:02 UTC |
| Last seen: | Never |
| File type: | |
| MIME type: | application/x-dosexec |
| imphash | 6ba0cdaabc3a2c72d338b7f8d0d0f8d8 (37 x Quakbot, 3 x Heodo) |
| ssdeep | 24576:86BseOd1eQJn+Xz4oA9bDajPNI5zvpiGaT8:86toeQl+rAdDa7alpiGM8 |
| Threatray | 263 similar samples on MalwareBazaar |
| TLSH | T14415BF71E3A014BFD1323ABC5D7F33599D263D012928C48967D96F0F4ADB981376A28B |
| dhash icon | 399998ecd4d46c0e (572 x Quakbot, 137 x ArkeiStealer, 82 x GCleaner) |
| Reporter | |
| Tags: | dll obama167 Qakbot Quakbot |
Intelligence
File Origin
# of uploads :
1
# of downloads :
211
Origin country :
n/a
Vendor Threat Intelligence
Detection:
QakBot
Detection(s):
Result
Verdict:
Clean
Maliciousness:
Behaviour
Creating synchronization primitives
Creating a window
Verdict:
No Threat
Threat level:
10/10
Confidence:
100%
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Gathering data
Threat name:
Win32.Trojan.Injuke
Status:
Malicious
First seen:
2022-03-15 13:10:12 UTC
File Type:
PE (Dll)
Extracted files:
38
AV detection:
10 of 42 (23.81%)
Threat level:
5/5
Verdict:
malicious
Label(s):
qakbot
Similar samples:
+ 253 additional samples on MalwareBazaar
Result
Malware family:
qakbot
Score:
10/10
Tags:
family:qakbot botnet:obama167 campaign:1647332289 banker stealer trojan
Behaviour
Suspicious use of WriteProcessMemory
Qakbot/Qbot
Malware Config
C2 Extraction:
90.74.16.2:6881
176.67.56.94:443
148.64.96.100:443
47.180.172.159:443
190.189.33.6:32101
175.145.235.37:443
140.82.49.12:443
47.51.47.182:995
108.60.213.141:443
39.53.89.140:995
217.165.97.124:993
39.44.151.33:995
5.95.58.211:2087
176.88.238.122:995
197.37.7.47:995
217.165.79.31:443
45.241.168.197:995
24.43.99.75:443
111.125.245.118:995
114.79.148.170:443
128.106.123.180:443
196.203.37.215:80
140.82.63.183:443
149.28.238.199:443
144.202.3.39:995
149.28.238.199:995
140.82.63.183:995
45.76.167.26:995
45.63.1.12:443
144.202.3.39:443
45.76.167.26:443
187.170.7.81:443
39.52.107.246:995
45.9.20.200:443
124.41.193.166:443
173.174.216.62:443
80.11.74.81:2222
37.186.54.166:995
217.164.119.130:2222
207.170.238.231:443
47.23.89.59:993
144.202.2.175:995
144.202.2.175:443
217.165.79.31:995
47.23.89.59:995
31.35.28.29:443
70.57.207.83:443
69.159.200.138:2222
113.11.89.170:995
32.221.225.247:995
103.230.180.119:443
186.10.247.110:443
71.13.93.154:2222
83.110.154.202:61200
75.99.168.194:61201
182.191.92.203:995
93.48.80.198:995
70.46.220.114:443
102.184.187.50:995
84.241.8.23:32103
47.180.172.159:50010
41.130.134.201:993
103.157.122.130:21
130.164.154.59:443
141.237.90.158:995
172.114.160.81:995
186.64.87.236:443
2.34.12.8:443
91.177.173.10:995
119.158.105.8:995
208.107.221.224:443
105.186.127.127:995
103.87.95.131:2222
75.159.9.236:443
86.184.85.199:443
217.128.122.65:2222
148.64.96.100:995
24.152.219.253:995
78.100.227.241:2222
195.32.57.18:80
92.99.229.158:2222
72.76.94.99:443
67.209.195.198:443
78.100.194.196:6883
41.84.243.150:995
120.150.218.241:995
177.207.108.236:993
120.61.3.31:443
88.250.126.28:443
190.73.3.148:2222
197.89.109.218:443
74.15.2.252:2222
206.217.0.154:995
209.180.70.25:443
39.49.71.173:995
76.69.155.202:2222
75.99.168.194:443
217.164.119.130:1194
86.98.27.253:443
92.177.45.46:2078
189.146.51.56:443
45.63.1.12:995
41.228.22.180:443
58.105.167.35:50000
86.97.11.15:443
1.161.80.70:443
173.21.10.71:2222
121.74.187.191:995
148.64.96.100:993
75.188.35.168:443
191.99.191.28:443
76.23.237.163:995
189.253.32.61:995
71.74.12.34:443
76.169.147.192:32103
47.156.131.10:443
67.165.206.193:993
201.145.160.158:443
201.170.181.247:443
47.145.130.171:443
73.151.236.31:443
86.198.170.170:2222
82.41.63.217:443
201.172.31.135:2222
72.252.201.34:990
70.51.135.39:2222
177.207.108.236:995
72.252.201.34:995
100.1.108.246:443
72.12.115.90:22
47.156.191.217:443
108.4.67.252:443
109.12.111.14:443
89.101.97.139:443
190.206.211.182:443
24.55.67.176:443
105.225.175.226:995
50.192.106.153:2222
86.97.8.82:443
45.46.53.140:2222
201.40.225.216:443
161.142.56.113:443
209.210.95.228:443
191.112.22.95:443
208.101.87.135:443
24.229.150.54:995
82.152.39.39:443
76.25.142.196:443
41.205.12.24:443
114.24.93.121:443
Unpacked files
SHA256 hash:
c8f85b205864a5ee7c9913dac873cdbe29af36c55bfd7f51532ea9f3df66d1f4
MD5 hash:
5faaed367c6df3b5eb9f19d49f9522ae
SHA1 hash:
dd36e0ce94a7f67143c648f422d358e82064e498
SHA256 hash:
a0c361afafa5d4f13766e630c09a32fcdadfce525db22e8d1922dacf69c8912d
MD5 hash:
f743296cd09109adee2a19d420730d76
SHA1 hash:
5e648034edbdbace00a5d12f020f63baccaf8ec5
SHA256 hash:
997c73e9f09586d43bc539917465979ef9b121678be33846412ef3fb550ebdaa
MD5 hash:
f6cf8d0dc990f0e73ca71bb91c68e35f
SHA1 hash:
4cc92c3f60df03ef6e2fcfc39453de343e81b661
Malware family:
CryptOne
Verdict:
Malicious
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
File information
The table below shows additional information about this malware sample such as delivery method and external references.