MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 9e51a1d3598dfbd7ad11f96be2947550e64fe2e1c3a31ebf4b3bc79b9e85f86b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Quakbot
Vendor detections: 11
| SHA256 hash: | 9e51a1d3598dfbd7ad11f96be2947550e64fe2e1c3a31ebf4b3bc79b9e85f86b |
|---|---|
| SHA3-384 hash: | 2b02de241da5b9acef3fbf3c4ac1553834ce76a13c5d6774b6945a2b2048ebe986132450d804b806f94057ed0fb4af10 |
| SHA1 hash: | 00cefe60ef7d8f940e9ad40c44107e36233f07e9 |
| MD5 hash: | 1e304c478485ed5629c21375f9549dc3 |
| humanhash: | finch-louisiana-johnny-one |
| File name: | 0.bin |
| Signature | Quakbot |
| File size: | 770'101 bytes |
| First seen: | 2022-10-05 17:22:09 UTC |
| Last seen: | Never |
| File type: | |
| MIME type: | application/x-dosexec |
| imphash | 9fc5700f82859d524c68c279be8dc005 (11 x Quakbot) |
| ssdeep | 12288:zxnt9hlMvNICAY0KEkAOl7G79Ph0TF38ME:tt9+JFEkAmGAB38M |
| Threatray | 1'466 similar samples on MalwareBazaar |
| TLSH | T19CF4AF33A2D14877D1631A7CDD3B636C94267D003B2CE94B7BE41D4D9F3A6803A6A297 |
| TrID | 47.6% (.EXE) Win32 Executable Delphi generic (14182/79/4) 15.1% (.EXE) Win32 Executable (generic) (4505/5/1) 10.0% (.MZP) WinArchiver Mountable compressed Archive (3000/1) 6.9% (.EXE) Win16/32 Executable Delphi generic (2072/23) 6.8% (.EXE) OS/2 Executable (generic) (2029/13) |
| File icon (PE): | |
| dhash icon | 399998ecd4d46c0e (572 x Quakbot, 137 x ArkeiStealer, 82 x GCleaner) |
| Reporter | j_dubp |
| Tags: | dll Quakbot |

Reporter comment: Email > aashopz[.]com/qti/* > ArtItem*zip > (pass L375) > nafenterpriselimited[.]co.uk/Keeu/0.html (packed DLL)

Intelligence
File Origin
# of uploads :
1
# of downloads :
285
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Detection(s):
Result
Verdict:
Suspicious
Maliciousness:
Behaviour
Creating synchronization primitives
Creating a window
Launching a process
Searching for synchronization primitives
Modifying an executable file
DNS request
Unauthorized injection to a system process
Verdict:
Likely Malicious
Threat level:
7.5/10
Confidence:
100%
Tags:
keylogger overlay
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Qakbot
Verdict:
Malicious
Threat name:
Win32.Backdoor.Quakbot
Status:
Malicious
First seen:
2022-10-05 18:19:20 UTC
AV detection:
24 of 26 (92.31%)
Threat level:
5/5
Detection(s):
Suspicious file
Verdict:
malicious
Label(s):
qakbot
Similar samples:
+ 1'456 additional samples on MalwareBazaar
Result
Malware family:
qakbot
Score:
10/10
Tags:
family:qakbot banker stealer trojan
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of WriteProcessMemory
Program crash
Qakbot/Qbot
Malware Config
C2 Extraction:
Unpacked files
SHA256 hash:
d7acf348906ff2c99c0aece101ae5a584c976a807c6eb7eee9895211a3342b1e
MD5 hash:
d844605cc0854b06a1e14f41d0ec4f85
SHA1 hash:
ea3c6ddc54d03ab7feddef4e1d3fd198008b0a28
SHA256 hash:
fb1ed7a6e4848ff0c7b38f473ddb3110cfa0a176186fd9031fa64a98e4575750
MD5 hash:
e48f86c83fbf8d5a7280163fe1df557d
SHA1 hash:
3209676ac230aea3973a4dae02465625075643c7
Detections:
win_qakbot_auto
SHA256 hash:
9e51a1d3598dfbd7ad11f96be2947550e64fe2e1c3a31ebf4b3bc79b9e85f86b
MD5 hash:
1e304c478485ed5629c21375f9549dc3
SHA1 hash:
00cefe60ef7d8f940e9ad40c44107e36233f07e9
Malware family:
QBot
Verdict:
Malicious
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.86
File information
The table below shows additional information about this malware sample such as delivery method and external references.