MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9f89bf8a97ead5ce07e6742581ca11339b9e0b09a7cee68d7e51f8cb85041671. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

QuakBot

Vendor detections: 5

SHA256 hash: 9f89bf8a97ead5ce07e6742581ca11339b9e0b09a7cee68d7e51f8cb85041671
SHA3-384 hash: 195bf8a057126926cedae4cc7166687b5730e88b79190806197cf1bd0d25f81d16c015eef14c76bc975dba67efd18cfc
SHA1 hash: 5740a30e43aa8150d486fee6154ce086bff37430
MD5 hash: 7f4ca7059fe71e491bb906bffaf3c642
humanhash: finch-tango-angel-wyoming
File name: 7f4ca7059fe71e491bb906bffaf3c642.dll
Signature: QuakBot
File size: 350'928 bytes
First seen: 2020-12-08 16:13:23 UTC
Last seen: Never
File type: DLL
MIME type: application/x-dosexec
imphash: a85c721bc6a13646735851d40fac9270 (1 x QuakBot)
ssdeep: 6144:VRjlf+vssDo3BaRmq/jKEoTc+/3r5FbuZ6ViHJ:vsM3BkjHoTce3r5FbnVe
Threatray: 1'381 similar samples on MalwareBazaar
TLSH: B7749DA7F9018C52E6781B7052E75F541A63AE9A3160260FA0F87F186DF73D43827F88
Reporter: abuse_ch
Tags: dll Quakbot

Intelligence

File Origin
# of uploads: 1
# of downloads: 171
Origin country: n/a
Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:
Behaviour
Sending a UDP request
Creating a file in the Windows subdirectories
Launching a process
Modifying an executable file
Creating a process with a hidden window
Creating a window
Unauthorized injection to a system process
Enabling autorun by creating a file
Result
Verdict: UNKNOWN
Details: Windows PE Executable. Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Backdoor.Quakbot
Status: Malicious
First seen: 2020-12-08 16:14:05 UTC
AV detection: 15 of 29 (51.72%)
Threat level: 5/5
Result
Malware family:
Score: 10/10
Tags: family:qakbot botnet:abc109 campaign:1607419963 banker stealer trojan
Behaviour
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Suspicious use of AdjustPrivilegeToken
Program crash
Loads dropped DLL
Qakbot/Qbot
Malware Config
C2 Extraction:
37.106.117.51:443
176.58.133.136:2222
59.103.76.230:443
195.97.101.40:443
2.89.122.180:993
110.159.80.243:443
95.77.223.148:443
79.129.252.62:2222
182.161.6.57:3389
5.193.175.76:2078
41.39.134.183:443
95.76.27.6:443
74.124.191.6:443
184.21.136.237:995
185.105.131.233:443
2.50.2.216:443
24.206.4.203:2222
5.70.178.62:443
2.7.202.106:2222
92.154.83.96:2078
93.113.177.152:443
151.27.88.197:443
160.3.184.253:443
89.136.226.44:995
78.97.110.47:443
92.154.83.96:2087
78.63.226.32:443
217.162.149.212:443
92.154.83.96:1194
149.28.101.90:8443
197.45.110.165:995
86.121.166.72:2222
80.195.103.146:2222
2.50.0.105:995
2.51.240.250:995
197.36.100.188:995
31.215.68.98:2222
217.128.117.218:2222
197.135.49.121:443
5.13.84.186:995
122.59.40.31:995
62.38.114.12:2222
81.133.234.36:2222
79.115.171.106:2222
176.181.247.197:443
82.79.35.131:443
72.66.47.70:443
173.21.10.71:2222
196.151.252.84:443
81.214.126.173:2222
83.110.13.182:2222
45.118.65.34:443
172.87.157.235:3389
79.113.119.125:443
184.98.97.227:995
86.121.3.80:443
2.49.219.254:22
78.154.31.238:443
94.69.242.254:2222
105.198.236.101:443
197.51.82.115:995
89.3.198.238:443
41.97.168.84:443
196.204.207.111:443
41.205.16.89:443
73.32.115.251:443
161.199.180.159:443
197.161.154.132:443
102.185.13.89:443
85.186.122.190:443
185.163.221.77:2222
108.30.125.94:443
105.198.236.99:443
83.196.50.197:2222
149.28.101.90:443
96.225.88.23:443
47.146.34.236:443
63.155.29.193:995
24.95.61.62:443
32.212.117.188:443
73.166.10.38:50003
87.218.53.206:2222
71.163.223.144:443
5.193.106.230:2078
184.97.145.239:443
188.50.187.45:995
151.33.226.156:443
78.101.158.1:61201
173.18.126.193:2222
65.131.41.96:995
178.87.18.221:443
99.244.210.10:443
110.142.205.182:443
83.110.250.71:995
41.228.242.14:443
37.106.7.7:443
164.155.230.98:443
193.83.25.177:995
109.154.193.21:2222
67.141.11.98:443
120.150.34.178:443
205.178.7.90:443
37.116.152.122:2078
78.96.199.79:443
96.40.175.33:443
2.90.124.155:995
162.157.19.33:2222
37.210.255.225:443
175.137.119.141:443
24.179.13.119:443
120.150.218.241:443
83.110.151.105:443
83.114.243.80:2222
2.50.56.81:443
47.21.192.182:2222
90.53.103.229:2222
77.211.30.202:995
93.146.133.102:2222
96.21.251.127:2222
58.179.21.147:995
98.124.76.187:443
72.36.59.46:2222
144.202.38.185:443
149.28.98.196:995
149.28.98.196:443
149.28.101.90:995
149.28.98.196:2222
86.99.134.235:2222
174.87.65.179:443
207.246.75.201:443
45.63.107.192:2222
96.241.66.126:443
149.28.99.97:2222
45.32.155.12:443
149.28.99.97:443
45.63.107.192:995
105.101.182.178:443
144.202.38.185:2222
144.202.38.185:995
45.32.162.253:443
94.52.160.116:443
199.247.16.80:443
83.110.226.174:443
72.182.209.97:2222
37.21.231.245:995
2.132.32.23:995
202.141.244.118:993
85.132.36.111:2222
45.250.69.150:443
111.95.212.237:2222
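The C2 list above is only useful once it is matched against traffic and turned into rules, so here is an added example (it is not MalwareBazaar's or any sandbox's code) that parses a subset of the ip:port pairs above, matches constructed Zeek-style conn.log records against them, and emits one Suricata rule per pair. The subset is copied from the list above and deliberately keeps the hosts that appear on several ports (149.28.101.90 on 443, 995 and 8443; 92.154.83.96 on 1194, 2078 and 2087), so a connection to a listed host on an unlisted port is reported as a weaker, separate signal rather than silently dropped. The conn.log lines, the $HOME_NET variable and the SID range are assumptions for the example.

```python
"""Match connection logs against the QakBot C2 list from this entry.

Added example for this MalwareBazaar page; it is not MalwareBazaar or
sandbox code. The C2 subset below is copied from the "C2 Extraction"
list above; the conn.log records, $HOME_NET and the SID range are assumed.
"""
import ipaddress
from collections import defaultdict

# Subset of the ip:port pairs from the C2 Extraction list above (all IPv4).
# The full list has about 150 entries; the subset keeps hosts that appear
# on several ports so the host-only match path is exercised.
QAKBOT_C2_TEXT = """
37.106.117.51:443
176.58.133.136:2222
149.28.101.90:8443
149.28.101.90:443
149.28.101.90:995
92.154.83.96:2078
92.154.83.96:2087
92.154.83.96:1194
2.49.219.254:22
73.166.10.38:50003
78.101.158.1:61201
"""

BOTNET_ID = "abc109"  # from the triage tags above (botnet:abc109)


def parse_c2_list(text):
    """Turn 'ip:port' lines into a set of (ip, port) tuples.

    Malformed lines raise instead of being skipped: a mangled IOC feed
    should fail loudly rather than silently shrink the blocklist.
    """
    endpoints = set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        host, sep, port_text = line.rpartition(":")
        if not sep:
            raise ValueError(f"C2 entry has no port: {line!r}")
        ip = ipaddress.IPv4Address(host)  # raises ValueError on garbage
        port = int(port_text)
        if not 1 <= port <= 65535:
            raise ValueError(f"C2 entry has bad port: {line!r}")
        endpoints.add((str(ip), port))
    return endpoints


def index_by_ip(endpoints):
    """Map each C2 host to the set of ports the config uses for it."""
    by_ip = defaultdict(set)
    for ip, port in endpoints:
        by_ip[ip].add(port)
    return by_ip


# Constructed Zeek-style conn.log records (tab-separated: ts, uid,
# id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto). Not real traffic.
SAMPLE_CONN_LOG = """\
1607420100.101\tCa1\t10.0.0.15\t50123\t37.106.117.51\t443\ttcp
1607420101.202\tCb2\t10.0.0.15\t50124\t8.8.8.8\t53\tudp
1607420102.303\tCc3\t10.0.0.22\t50125\t149.28.101.90\t2222\ttcp
1607420103.404\tCd4\t10.0.0.22\t50126\t92.154.83.96\t1194\ttcp
1607420104.505\tCe5\t10.0.0.31\t50127\t142.250.74.46\t443\ttcp
"""


def match_connections(conn_log, endpoints):
    """Return (uid, src, dst, dport, confidence) for connections to C2 hosts.

    An exact ip:port hit is 'high'. A hit on the host but on a port the
    config does not list is 'medium': the same infected host can be reused
    on another port, but a residential address can also have changed hands.
    """
    by_ip = index_by_ip(endpoints)
    hits = []
    for line in conn_log.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) < 7:
            continue  # truncated record, skip it
        _ts, uid, src, _sport, dst, dport_text, _proto = fields[:7]
        if dst not in by_ip:
            continue
        dport = int(dport_text)
        confidence = "high" if dport in by_ip[dst] else "medium"
        hits.append((uid, src, dst, dport, confidence))
    return hits


def to_suricata_rules(endpoints, sid_base=9000000):
    """Emit one Suricata rule per ip:port pair with deterministic SIDs.

    QakBot C2 is TCP on the listed ports, so rules key on the pair; the SID
    is the position in sorted order, so re-runs keep the same numbering.
    """
    ordered = sorted(endpoints, key=lambda e: (ipaddress.IPv4Address(e[0]), e[1]))
    rules = []
    for i, (ip, port) in enumerate(ordered):
        rules.append(
            f"alert tcp $HOME_NET any -> {ip} {port} "
            f'(msg:"QakBot C2 {BOTNET_ID} {ip}:{port}"; flow:to_server; '
            f"sid:{sid_base + i}; rev:1;)"
        )
    return rules


if __name__ == "__main__":
    c2 = parse_c2_list(QAKBOT_C2_TEXT)
    for hit in match_connections(SAMPLE_CONN_LOG, c2):
        print(hit)
    print("\n".join(to_suricata_rules(c2)[:3]))
```

Two practical caveats when using these rules: the hosts in this list are mostly residential addresses that rotate quickly, and the entry's first-seen date (2020-12-08) is the only freshness signal on the page, so block or alert rules built from it should carry that date and be aged out rather than kept indefinitely; and because the same host appears on several ports, an IP-only match is worth a lower-confidence alert but not an automatic block.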
Unpacked files
SHA256 hash: 9f89bf8a97ead5ce07e6742581ca11339b9e0b09a7cee68d7e51f8cb85041671
MD5 hash: 7f4ca7059fe71e491bb906bffaf3c642
SHA1 hash: 5740a30e43aa8150d486fee6154ce086bff37430
SHA256 hash: 4b0d58ae5470bbf0ed55572431645af26dea1faaef0d932d55fbed087e5298ad
MD5 hash: 3aeeb37050bbe258dfa0b64501eeb8c5
SHA1 hash: 28e0a84604daafb53bd963aec4e228b5b0b87066

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: QuakBot
File type: DLL
SHA256 hash: 9f89bf8a97ead5ce07e6742581ca11339b9e0b09a7cee68d7e51f8cb85041671 (this sample)

Delivery method: Distributed via web download