MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9c47896eaa27c1ec31c48af31a42af85646c6311d6c2f17e20840be756ce77bd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Quakbot


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9c47896eaa27c1ec31c48af31a42af85646c6311d6c2f17e20840be756ce77bd
SHA3-384 hash: 7ccab3af074bd130fc0168bb20856a447da37bbb41951a11e281e737bc6593c877eb9e6cc67ab5a34f4719a9868fc012
SHA1 hash: b0c5515eed81a2ad74467c0519a055e6efd6064c
MD5 hash: d424ca5445f8b5ca64fc0b306ce948eb
humanhash: nineteen-zebra-triple-bravo
File name:9338160.dat
Download: download sample
Signature Quakbot
Create hunting rule
File size:924'672 bytes
First seen:2022-03-15 13:08:14 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash 6ba0cdaabc3a2c72d338b7f8d0d0f8d8 (37 x Quakbot, 3 x Heodo)
ssdeep 24576:86BseOd1eQ/n+Xz4oA9bDajPNI5zvpiGaT8:86toeQ/+rAdDa7alpiGM8
Threatray 265 similar samples on MalwareBazaar
TLSH T1E615BF71E3A014BFD1323ABC5D7F33599D263D012928C48967D96F0F4ADB981376A28B
File icon (PE):PE icon
dhash icon 399998ecd4d46c0e (572 x Quakbot, 137 x ArkeiStealer, 82 x GCleaner)
Reporter pr0xylife
Tags:dll obama167 Qakbot Quakbot

Intelligence

File Origin
# of uploads :
1
# of downloads :
200
Origin country :
n/a
Vendor Threat Intelligence
Detection:
QakBot
Create hunting rule
Link:
https://www.capesandbox.com/analysis/250781/
Detection(s):
Win.Trojan.Qakbot-9941861-1
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Сreating synchronization primitives
Creating a window
Verdict:
No Threat
Threat level:
  10/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/62308ff7b94fb38cb484d362/reports/6bec2360-d47d-4580-aac5-eb4ea6853a02/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Qakbot
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/77365563-2af0-41d0-9e95-91528251b574
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/9c47896eaa27c1ec31c48af31a42af85646c6311d6c2f17e20840be756ce77bd/
Threat name:
Win32.Trojan.Injuke
Create hunting rule
Status:
Malicious
First seen:
2022-03-15 13:09:12 UTC
File Type:
PE (Dll)
Extracted files:
38
AV detection:
9 of 41 (21.95%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
qakbot
Create hunting rule
Similar samples:
11e04e06de6279a383da18618f0f174e03e4e06b28555093188f331d1c2fd597
Quakbot
2608b4e01cfd647dcc1b2690f63be9c4d22db47a9da3305ae8be563e2098b71e
Quakbot
4192d813df909928d3b83a040a14992bc38ac2890d22f3952bfcd164236c7ef8
Quakbot
41e063c24b12f07351c04b48bc566ce98c501d24f500d13d127f94f0d0545c6c
Quakbot
997c73e9f09586d43bc539917465979ef9b121678be33846412ef3fb550ebdaa
Quakbot
9ae6784aacb19be546ba5e1f1bb44882e8f9c8f692472947d2734afcd7d54e05
Quakbot
a8a1e59e5bb04ac6e7c422a105a6816bc0e1c6755b7902bc670d1cf2bcbeca53
Quakbot
c71a24c7ecc4fc745cdd9bcc602c6995113a19221abbacce72df070b6b2052f8
Quakbot
cdd76708c7f99f29ba010696a7415a277a076c6f791b603a8b4001230d371930
Quakbot
e804b18a8b904ed554e8466dc981464bd3412ee25323e0f81cda10a59dd2c261
Quakbot
+ 255 additional samples on MalwareBazaar
Result
Malware family:
qakbot
Create hunting rule
Score:
  10/10
Tags:
family:qakbot botnet:obama167 campaign:1647332289 banker stealer trojan
Link:
https://tria.ge/reports/220315-qds5kadbfj/
Behaviour
Suspicious use of WriteProcessMemory
Qakbot/Qbot
Malware Config
C2 Extraction:
90.74.16.2:6881
176.67.56.94:443
148.64.96.100:443
47.180.172.159:443
190.189.33.6:32101
175.145.235.37:443
140.82.49.12:443
47.51.47.182:995
108.60.213.141:443
39.53.89.140:995
217.165.97.124:993
39.44.151.33:995
5.95.58.211:2087
176.88.238.122:995
197.37.7.47:995
217.165.79.31:443
45.241.168.197:995
24.43.99.75:443
111.125.245.118:995
114.79.148.170:443
128.106.123.180:443
196.203.37.215:80
140.82.63.183:443
149.28.238.199:443
144.202.3.39:995
149.28.238.199:995
140.82.63.183:995
45.76.167.26:995
45.63.1.12:443
144.202.3.39:443
45.76.167.26:443
187.170.7.81:443
39.52.107.246:995
45.9.20.200:443
124.41.193.166:443
173.174.216.62:443
80.11.74.81:2222
37.186.54.166:995
217.164.119.130:2222
207.170.238.231:443
47.23.89.59:993
144.202.2.175:995
144.202.2.175:443
217.165.79.31:995
47.23.89.59:995
31.35.28.29:443
70.57.207.83:443
69.159.200.138:2222
113.11.89.170:995
32.221.225.247:995
103.230.180.119:443
186.10.247.110:443
71.13.93.154:2222
83.110.154.202:61200
75.99.168.194:61201
182.191.92.203:995
93.48.80.198:995
70.46.220.114:443
102.184.187.50:995
84.241.8.23:32103
47.180.172.159:50010
41.130.134.201:993
103.157.122.130:21
130.164.154.59:443
141.237.90.158:995
172.114.160.81:995
186.64.87.236:443
2.34.12.8:443
91.177.173.10:995
119.158.105.8:995
208.107.221.224:443
105.186.127.127:995
103.87.95.131:2222
75.159.9.236:443
86.184.85.199:443
217.128.122.65:2222
148.64.96.100:995
24.152.219.253:995
78.100.227.241:2222
195.32.57.18:80
92.99.229.158:2222
72.76.94.99:443
67.209.195.198:443
78.100.194.196:6883
41.84.243.150:995
120.150.218.241:995
177.207.108.236:993
120.61.3.31:443
88.250.126.28:443
190.73.3.148:2222
197.89.109.218:443
74.15.2.252:2222
206.217.0.154:995
209.180.70.25:443
39.49.71.173:995
76.69.155.202:2222
75.99.168.194:443
217.164.119.130:1194
86.98.27.253:443
92.177.45.46:2078
189.146.51.56:443
45.63.1.12:995
41.228.22.180:443
58.105.167.35:50000
86.97.11.15:443
1.161.80.70:443
173.21.10.71:2222
121.74.187.191:995
148.64.96.100:993
75.188.35.168:443
191.99.191.28:443
76.23.237.163:995
189.253.32.61:995
71.74.12.34:443
76.169.147.192:32103
47.156.131.10:443
67.165.206.193:993
201.145.160.158:443
201.170.181.247:443
47.145.130.171:443
73.151.236.31:443
86.198.170.170:2222
82.41.63.217:443
201.172.31.135:2222
72.252.201.34:990
70.51.135.39:2222
177.207.108.236:995
72.252.201.34:995
100.1.108.246:443
72.12.115.90:22
47.156.191.217:443
108.4.67.252:443
109.12.111.14:443
89.101.97.139:443
190.206.211.182:443
24.55.67.176:443
105.225.175.226:995
50.192.106.153:2222
86.97.8.82:443
45.46.53.140:2222
201.40.225.216:443
161.142.56.113:443
209.210.95.228:443
191.112.22.95:443
208.101.87.135:443
24.229.150.54:995
82.152.39.39:443
76.25.142.196:443
41.205.12.24:443
114.24.93.121:443
Unpacked files
SH256 hash:
c8f85b205864a5ee7c9913dac873cdbe29af36c55bfd7f51532ea9f3df66d1f4
MD5 hash:
5faaed367c6df3b5eb9f19d49f9522ae
SHA1 hash:
dd36e0ce94a7f67143c648f422d358e82064e498
Link:
https://www.unpac.me/results/ee446c37-8b5a-4272-be25-4889657b11f3/
SH256 hash:
a0c361afafa5d4f13766e630c09a32fcdadfce525db22e8d1922dacf69c8912d
MD5 hash:
f743296cd09109adee2a19d420730d76
SHA1 hash:
5e648034edbdbace00a5d12f020f63baccaf8ec5
Link:
https://www.unpac.me/results/ee446c37-8b5a-4272-be25-4889657b11f3/
SH256 hash:
9c47896eaa27c1ec31c48af31a42af85646c6311d6c2f17e20840be756ce77bd
MD5 hash:
d424ca5445f8b5ca64fc0b306ce948eb
SHA1 hash:
b0c5515eed81a2ad74467c0519a055e6efd6064c
Link:
https://www.unpac.me/results/ee446c37-8b5a-4272-be25-4889657b11f3/
Malware family:
CryptOne
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/9c47896eaa27/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/9c47896eaa27c1ec31c48af31a42af85646c6311d6c2f17e20840be756ce77bd

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/250781/

Comments