MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a7467e38a1122b5c0cc33e756868fc6b890f12136c27068aaefaa212d3432d02. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Quakbot


Vendor detections: 4



SHA256 hash: a7467e38a1122b5c0cc33e756868fc6b890f12136c27068aaefaa212d3432d02
SHA3-384 hash: 6986e6ab655f7e1cb4c7a70b73d2908e3f603629eee1ad1855c1633157ff9b22a84d98a2a3a65d9f44a1c851ca58521c
SHA1 hash: 89398c1265f6475373250792138d7350979b3029
MD5 hash: ce83efc63c2f372c6213ebc58126fa51
humanhash: india-beer-equal-hawaii
File name: Ropedjo1.ocx
Signature: Quakbot
File size: 548'352 bytes
First seen: 2022-01-31 15:11:40 UTC
Last seen: Never
File type: DLL dll
MIME type:application/x-dosexec
imphash: edc35d61ceebdfca301ba5422ad04ecc (4 x Quakbot, 2 x Matanbuchus, 1 x BelialDropper)
ssdeep: 12288:R+CvUhJUun9nVn5uSKoseGqR2LTxEqeOkXtjEymnk:QO3Q5UHLT63tjdm
Threatray: 3 similar samples on MalwareBazaar
TLSH: T114C48D2AF6D08437E2722A3D8C5B9254A8397E412D295C8D3BE42F8C5F39742376539F
dhash icon: 399998ecd4d46c0e (572 x Quakbot, 137 x ArkeiStealer, 82 x GCleaner)
Reporter: Anonymous
Tags: dll Quakbot

Intelligence


File Origin
# of uploads: 1
# of downloads: 130
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Clean
Maliciousness:
Behaviour
Creating synchronization primitives
DNS request
Verdict: No Threat
Threat level: 2/10
Confidence: 100%
Tags: packed
Result
Verdict: UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 72 / 100
Behaviour
Behavior Graph: n/a
Threat name: Win32.Trojan.BunituCrypt
Status: Malicious
First seen: 2022-01-31 15:12:11 UTC
File Type: PE (Dll)
Extracted files: 40
AV detection: 22 of 28 (78.57%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Unpacked files
SHA256 hash: a7467e38a1122b5c0cc33e756868fc6b890f12136c27068aaefaa212d3432d02
MD5 hash: ce83efc63c2f372c6213ebc58126fa51
SHA1 hash: 89398c1265f6475373250792138d7350979b3029
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.