MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 9c5dbac6625a15ae0a07b441c9fb83b1c828252b83ae62e61f9189eed3cdd2fd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Quakbot
Vendor detections: 8
| SHA256 hash: | 9c5dbac6625a15ae0a07b441c9fb83b1c828252b83ae62e61f9189eed3cdd2fd |
|---|---|
| SHA3-384 hash: | ae80fa92507a6cfb0cc4f3d7dbd4fd48533d00db6244182a153116191ce00b0dac2e185cafa8db13b8fb6d9de8d98a3f |
| SHA1 hash: | 133890b001489989657e58cbbaeb440fc59f8dd7 |
| MD5 hash: | eefcfaa58c267e78b8b006026db53fdb |
| humanhash: | emma-wisconsin-five-table |
| File name: | doc_C439_May_30.zip |
| Signature | Quakbot |
| File size: | 1'423 bytes |
| First seen: | 2023-05-31 08:41:56 UTC |
| Last seen: | Never |
| File type: | zip |
| MIME type: | application/zip |
| ssdeep | 24:9hzzHJ2DN5IL+B1MWnR8A9ienVdT4DwHB05KrOvPVO5oV+se7T/H4tbHzzGRg/:9lHJ2R5ISBHR8/uVdTV05KruVY4+r/Ha |
| TLSH | T17D211B0177B16200C907A03D102142ABA5804909FD6FC6D23CCB11D2EBB9A2DC74038D |
| TrID | 80.0% (.ZIP) ZIP compressed archive (4000/1) 20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1) |
| Reporter | |
| Tags: | Quakbot zip |
Intelligence
File Origin
# of uploads: 1
# of downloads: 112
Origin country: IT
File Archive Information
This file archive contains 1 file(s), sorted by their relevance:
| File name: | doc_C496_May_30.js |
|---|---|
| File size: | 4'819 bytes |
| SHA256 hash: | b0e508af8154420db187a70281df0f197942d403dd940820c936d14cb8da1f6f |
| MD5 hash: | e77c197c0a29dbcfa664de5b85f52b24 |
| MIME type: | text/plain |
| Signature | Quakbot |
Vendor Threat Intelligence
Detection(s):
Result
Verdict:
Malicious
File Type:
JS File - Malicious
Payload URLs
URL
File name
C:\\Windows
JS File
Behaviour
BlacklistAPI detected
Verdict:
Suspicious
Threat level:
5/10
Confidence:
100%
Verdict:
Malicious
Labeled as:
Mal/DrodZp
Result
Verdict:
MALICIOUS
Link:
Threat name:
Script-JS.Downloader.Dornoe
Status:
Malicious
First seen:
2023-05-30 19:48:11 UTC
File Type:
Binary (Archive)
Extracted files:
1
AV detection:
9 of 24 (37.50%)
Threat level:
3/5
Detection(s):
Suspicious file
Result
Malware family:
n/a
Score:
10/10
Tags:
n/a
Behaviour
Suspicious use of WriteProcessMemory
Blocklisted process makes network request
Process spawned unexpected child process
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.60
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Web download
Quakbot
zip 9c5dbac6625a15ae0a07b441c9fb83b1c828252b83ae62e61f9189eed3cdd2fd
(this sample)
Delivery method
Distributed via web download