MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a7c94aab85118b74b911a7e511a587313fbbe4689bef8be295d23fbd65d38bd1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Quakbot


Vendor detections: 6



SHA256 hash: a7c94aab85118b74b911a7e511a587313fbbe4689bef8be295d23fbd65d38bd1
SHA3-384 hash: 37b749ed84f51cfca3d010de9e0c63958f5669a74ab109013464e368c4ac6cc929bf4bf90400007e6bb753c2202877e7
SHA1 hash: 9c7e304bf96997106891050f427c5c1f2d24b57d
MD5 hash: 56e924ca8cd62206237706020ccc9300
humanhash: two-uranus-beryllium-cold
File name: DocumentsFolder_77203464_12202022.pdf
Signature: Quakbot
File size: 122'825 bytes
First seen: 2022-12-20 16:14:40 UTC
Last seen: Never
File type: pdf
MIME type: application/pdf
ssdeep: 3072:Fdf+kzllQ8aEB0VTZ7m7x2evc4obfMYkZaY:FZQ8qVl7mMevc4efVTY
TLSH: T1CCC3D086BA130770E9DFD570CD553E6B28866608C2E5C1BC903FCC4794E4EB0B7ABA85
Reporter: pr0xylife
Tags: Obama231 pdf Qakbot qbot Quakbot

Intelligence


File Origin
# of uploads: 1
# of downloads: 346
Origin country: US

Vendor Threat Intelligence

Label: Malicious
Suspicious Score: 9.5/10
Score Malicious: 96%
Score Benign: 4%

Result
Verdict: UNKNOWN
Details:
Document With Few Pages: Document contains between one and three pages of content. Most malicious documents are sparse in page count.
IPv4 Dotted Quad URL: A URL was detected referencing a direct IP address, as opposed to a domain name.
Document With Minimal Content: Document contains less than 1 kilobyte of semantic information.

Result
Threat name: Unknown
Detection: suspicious
Classification: n/a
Score: 22 / 100
Signature: Clickable URLs found in PDF pointing to potentially malicious files

Behaviour
Behavior Graph:
Behavior Graph ID: 770789
Sample: DocumentsFolder_77203464_12...
Startdate: 20/12/2022
Architecture: WINDOWS
Score: 22
Signature: Clickable URLs found in PDF pointing to potentially malicious files
Processes started:
AcroRd32.exe -> chrome.exe
AcroRd32.exe -> RdrCEF.exe
chrome.exe -> unarchiver.exe -> 7za.exe -> conhost.exe
chrome.exe -> chrome.exe (child)
DNS/IP:
chrome.exe -> 239.255.255.250 (unknown, Reserved)
RdrCEF.exe -> 192.168.2.1 (unknown, unknown)
chrome.exe (child) -> 51.68.201.10, 49702, 49703, 80 (OVHFR, France)
chrome.exe (child) -> www.google.com 142.250.203.100, 443, 49714, 49736 (GOOGLEUS, United States)
chrome.exe (child) -> 4 other IPs or domains
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
