MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 a44cc3f87c7953f5a13b91f6d472936884af802c574a1a05466233c0e089f057. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Quakbot
Vendor detections: 7
| SHA256 hash: | a44cc3f87c7953f5a13b91f6d472936884af802c574a1a05466233c0e089f057 |
|---|---|
| SHA3-384 hash: | 918fc2b261bb828d076f5a697b3a4eb53da88d22aae96f2fc23162c6c5c0a47be97642ad175243d7d12d65b15010543b |
| SHA1 hash: | 9e1616fe833d51ce40094e2937672fb9c2b28b81 |
| MD5 hash: | a105f79ac52026d97918416d61764780 |
| humanhash: | kentucky-nuts-maryland-bluebird |
| File name: | R45056899.zip |
| Signature | Quakbot |
| File size: | 190'055 bytes |
| First seen: | 2022-10-05 14:33:07 UTC |
| Last seen: | Never |
| File type: | zip |
| MIME type: | application/zip |
| ssdeep | 3072:Lnaw2cAU5o3wLeLgJQGHKWoKLvC1bKbpS0t9SDD/RhyZQ5OrOUhsuvsIQxOG+GK/:LawkuoYJffoEvuUSXfyZQzUhsuvaxOGQ |
| TLSH | T1AB04123794B9B939993C98FE1E280433793D40967CF7AEA63913943758287E3D2413DA |
| TrID | 80.0% (.ZIP) ZIP compressed archive (4000/1) 20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1) |
| Reporter | |
| Tags: | BB Qakbot Quakbot zip |
Intelligence
File Origin
# of uploads: 1
# of downloads: 223
Origin country: n/a
File Archive Information
This file archive contains 26 file(s), sorted by their relevance:
| File name: | core.xml |
|---|---|
| File size: | 603 bytes |
| SHA256 hash: | ae5f008ad3226f1cc10383f3d699f4ded58b0d93a1a895ac1377111cb89b4b69 |
| MD5 hash: | 3418403a5f933d56e7d1350c3bf45756 |
| MIME type: | text/xml |
| Signature | Quakbot |
| File name: | binaryIndex4.bin |
|---|---|
| File size: | 73 bytes |
| SHA256 hash: | 93395a042a8d8ae9dd2a0d827c023369c54d458d0ccb65fa099aa6a4a9af2b25 |
| MD5 hash: | e2c19c5f54fdeb5949efe863f79063c5 |
| MIME type: | application/octet-stream |
| Signature | Quakbot |
| File name: | sheet3.bin.rels |
|---|---|
| File size: | 284 bytes |
| SHA256 hash: | 1c7c1ba563f1322f08be1d3f3efad897960046c8a22515225f5e8827ee1d5579 |
| MD5 hash: | c0a8ec6a8834340405721eeaf14131a8 |
| MIME type: | text/xml |
| Signature | Quakbot |
| File name: | printerSettings4.bin |
|---|---|
| File size: | 5'420 bytes |
| SHA256 hash: | 4da03a297fd24563e99a26ac4bc286091148fe6153a50946aa2334ecb6e26c6f |
| MD5 hash: | 9531b74b57444f1723c690b1872071e3 |
| MIME type: | application/octet-stream |
| Signature | Quakbot |
| File name: | [Content_Types].xml |
|---|---|
| File size: | 3'506 bytes |
| SHA256 hash: | fed9ae52d93b2209e8c9949e3f5d847cc38e5c249ff8373dfec36c07cddcfcc5 |
| MD5 hash: | 421a9dbeaf1e95f6be3b28a4dc5d0f8e |
| MIME type: | text/xml |
| Signature | Quakbot |
| File name: | sheet2.bin.rels |
|---|---|
| File size: | 449 bytes |
| SHA256 hash: | 04ffd8fb6b80f57a3b36edb05d4b5b61486a6e8972f664355d4a81e1780b7281 |
| MD5 hash: | 48ba14e5960ec6d30f310a4a18f730bb |
| MIME type: | text/xml |
| Signature | Quakbot |
| File name: | workbook.bin.rels |
|---|---|
| File size: | 1'908 bytes |
| SHA256 hash: | 425fe3c15d4d68db420d84073b34a67d6fc0e4c42566cc3cace8514ecf03fb35 |
| MD5 hash: | 3a12e3f4e2f981dadb005c75d7868a47 |
| MIME type: | text/xml |
| Signature | Quakbot |
| File name: | sheet3.bin |
|---|---|
| File size: | 1'790 bytes |
| SHA256 hash: | 9f421717935367b744eb24bfb8e29c620ccda020b248d76d0fb0e95ea3b787c6 |
| MD5 hash: | ac8ecc6b9dbf21d280a32f97b274c177 |
| MIME type: | application/octet-stream |
| Signature | Quakbot |
| File name: | calcChain.bin |
|---|---|
| File size: | 126 bytes |
| SHA256 hash: | 09b9572455b31485e4b3e09f8df2ce7941579190b50350fb17575d390663ac8d |
| MD5 hash: | efdeae6f704bcbc106e6e68a2d90df1d |
| MIME type: | application/octet-stream |
| Signature | Quakbot |
| File name: | sheet1.bin.rels |
|---|---|
| File size: | 284 bytes |
| SHA256 hash: | b3549aed1db89c155318a37e20c90a7c28421a592fa788722627f95085c30cbc |
| MD5 hash: | 5dd578a69dd642f05f1a691f4fb7f4ae |
| MIME type: | text/xml |
| Signature | Quakbot |
| File name: | styles.bin |
|---|---|
| File size: | 799 bytes |
| SHA256 hash: | 7721966fc5a256d39502466f8ee8e36f354150c39774edf2b6da604957b4aa99 |
| MD5 hash: | 9362f8ee5748ce4a52de46a97c115416 |
| MIME type: | application/octet-stream |
| Signature | Quakbot |
| File name: | workbook.bin |
|---|---|
| File size: | 1'347 bytes |
| SHA256 hash: | eb14252e9e6a8042c228891545622bb866c640da6f9fa3e6c681090f8094c198 |
| MD5 hash: | 2ea7c560353a43fb938f525f635f966c |
| MIME type: | application/octet-stream |
| Signature | Quakbot |
| File name: | binaryIndex2.bin |
|---|---|
| File size: | 67 bytes |
| SHA256 hash: | a5b092942f7101148d4fe9659314c9d2cf4a8e5354d468445040b2c1dd510a55 |
| MD5 hash: | e9d46326eb06caf1cddc97da022e39d8 |
| MIME type: | application/octet-stream |
| Signature | Quakbot |
| File name: | sheet4.bin |
|---|---|
| File size: | 1'129 bytes |
| SHA256 hash: | 94a588e2a56275d81100180a7550e955cb5caa379f21a4e0147c1c019cb89dff |
| MD5 hash: | 1c6b831210df5246de45df24cc1d2fc3 |
| MIME type: | application/octet-stream |
| Signature | Quakbot |
| File name: | sharedStrings.bin |
|---|---|
| File size: | 124 bytes |
| SHA256 hash: | 257dcb139d6efb684889cb1e7ba02019cdb9143846f3eb9eba6aa922df2448c0 |
| MD5 hash: | 556e2682a32c22d438f90913c02ddd2b |
| MIME type: | application/octet-stream |
| Signature | Quakbot |
| File name: | app.xml |
|---|---|
| File size: | 1'084 bytes |
| SHA256 hash: | d8e29ad0ccb33f95b8cec530531edce2c1c7350257b080c5f433edf15fc2e585 |
| MD5 hash: | 43806a04135cb3e2ff6b6b159f0cb4dc |
| MIME type: | text/xml |
| Signature | Quakbot |
| File name: | sheet2.bin |
|---|---|
| File size: | 937 bytes |
| SHA256 hash: | a82c7d7b4159ebbaf41dba1d3cfd9fe88ce1c40c68c68c9f6eb5dc0db309e670 |
| MD5 hash: | d4ec080471acf2ecdfa13c922d224de8 |
| MIME type: | application/octet-stream |
| Signature | Quakbot |
| File name: | theme1.xml |
|---|---|
| File size: | 6'784 bytes |
| SHA256 hash: | e97f87ea866ff1b1565c394435be001614bcfdeebbe121a52869fcdef1f96922 |
| MD5 hash: | bce742411d961e522e4778c5e4285802 |
| MIME type: | text/xml |
| Signature | Quakbot |
| File name: | binaryIndex1.bin |
|---|---|
| File size: | 73 bytes |
| SHA256 hash: | 63a70002f0dc2aad4ec9a53ea057afa57ae838ac8fb79ebab70b7d5c3d080357 |
| MD5 hash: | 94e580324b51d0ddef18643af9813756 |
| MIME type: | application/octet-stream |
| Signature | Quakbot |
| File name: | sheet4.bin.rels |
|---|---|
| File size: | 284 bytes |
| SHA256 hash: | f2203ae2e0bf35c70dc80a692624a11ba4ac2f1777f9699e9181be2257279981 |
| MD5 hash: | 279d404886a58108f6d9a88178d14662 |
| MIME type: | text/xml |
| Signature | Quakbot |
| File name: | binaryIndex3.bin |
|---|---|
| File size: | 133 bytes |
| SHA256 hash: | cc2f4d74da15dbe884930ba6c9cc4da714e050b61a689038db6a6b992839822c |
| MD5 hash: | 446d8577502c098e93a4c8c2735cb5bf |
| MIME type: | application/octet-stream |
| Signature | Quakbot |
| File name: | drawing1.xml |
|---|---|
| File size: | 1'385 bytes |
| SHA256 hash: | ece2ceb2592d8a004275c4f0151a518055c724dec6669c28aa35c1c8089d51b8 |
| MD5 hash: | 2369c9f884afb8cc5c515392ccef6789 |
| MIME type: | text/xml |
| Signature | Quakbot |
| File name: | image1.jpg |
|---|---|
| File size: | 214'051 bytes |
| SHA256 hash: | e2a3213a6690efede67d20432f756bfc53fe6fcb1f14a4b1b64bc9a72e11bd94 |
| MD5 hash: | 0f96e1c9a4bcca8db381a2316a435575 |
| MIME type: | image/jpeg |
| Signature | Quakbot |
| File name: | sheet1.bin |
|---|---|
| File size: | 957 bytes |
| SHA256 hash: | f6024fa1731474d13cd2fbae17dabe57c7ed16bd9bdaac0a90b7313dab9dcb18 |
| MD5 hash: | 6b04e315bce1da3b0ed952cb963e1f25 |
| MIME type: | application/octet-stream |
| Signature | Quakbot |
| File name: | drawing1.xml.rels |
|---|---|
| File size: | 292 bytes |
| SHA256 hash: | ab401693c6e6d5162d93601fdfd27e42c8fa923f5463cd15abd010358395581c |
| MD5 hash: | d862c715f67c3fd63cf9d27a14d0ae25 |
| MIME type: | text/xml |
| Signature | Quakbot |
| File name: | vbaProject.bin |
|---|---|
| File size: | 14'848 bytes |
| SHA256 hash: | 94795e2117aed577d611d9b671a9cb8a564f5db202b0165e05c465507892bba4 |
| MD5 hash: | 9c7a65e009f14a698eb8bd9e7c4606d3 |
| MIME type: | application/CDFV2 |
| Signature | Quakbot |
Vendor Threat Intelligence
Result
Verdict: Malicious
File Type: OOXML Excel File with Excel4Macro
Behaviour
BlacklistAPI detected
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: macros macros-on-open regsvr32
Result
Verdict: MALICIOUS
Details
Macro with Startup Hook
Detected macro logic that will automatically execute on document open. Most malware contains some execution hook.
Threat name: Document-Excel.Downloader.Heuristic
Status: Malicious
First seen: 2022-10-05 14:35:43 UTC
File Type: Binary (Archive)
Extracted files: 58
AV detection: 14 of 39 (35.90%)
Threat level: 2/5
Detection(s): Suspicious file
Result
Malware family: n/a
Score: 10/10
Tags: macro xlm
Behaviour
Checks processor information in registry
Enumerates system info in registry
Modifies Internet Explorer settings
Modifies registry class
Suspicious behavior: AddClipboardFormatListener
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Office loads VBA resources, possible macro or embedded object present
Process spawned unexpected child process
Malware Config
Dropper Extraction:
http://nafenterpriselimited.co.uk/Keeu/0.html
http://metroberrylocalmarketing.com/7z8b/0.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name: Malicious File
Score: 1.00
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Delivery method: Distributed via web download