MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 aa8fbf0411339a0acce09cebab6aea8ed00ceaec76fd92f304ee41c09a9372a4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Quakbot


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: aa8fbf0411339a0acce09cebab6aea8ed00ceaec76fd92f304ee41c09a9372a4
SHA3-384 hash: a28175e7f33842f55d984b44e31ea4d58c92141688205063bff40280317b8dc8e4df868a36784a2f44a58224913a90a6
SHA1 hash: 2d21c3edad10f9e964a202fd44a8e83254f27212
MD5 hash: 05d1d58e3f9daec829d88069772b5e2b
humanhash: connecticut-zebra-december-purple
File name:pewee.dat
Download: download sample
Signature Quakbot
Create hunting rule
File size:432'640 bytes
First seen:2022-10-27 15:47:35 UTC
Last seen:2022-10-27 17:26:59 UTC
File type:DLL dll
MIME type:application/x-dosexec
imphash fae84ade86333bc16f134b64e603e945 (8 x Quakbot)
ssdeep 12288:eqdD/sblafl4M/8toGXJZ6diNjDo8Ywr6t57AKC:eqdclafl4eGXuiNU8Ye6c
TLSH T11B94E040F4A3DFF2D1BD183800B6A3631B2956260B26C9FB53848B267E747D15B3A776
TrID 32.2% (.EXE) Win64 Executable (generic) (10523/12/4)
20.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
15.4% (.EXE) Win16 NE executable (generic) (5038/12/1)
13.7% (.EXE) Win32 Executable (generic) (4505/5/1)
6.2% (.EXE) OS/2 Executable (generic) (2029/13)
Reporter pr0xylife
Tags:1666863946 BB04 dll Qakbot Quakbot

Intelligence

File Origin
# of uploads :
2
# of downloads :
256
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/324991/
Detection(s):
SecuriteInfo.com.Win32.BotX-gen.31101.19354.UNOFFICIAL
Create hunting rule

Result
Verdict:
Suspicious
Maliciousness:

Behaviour
Сreating synchronization primitives
Launching a process
Searching for synchronization primitives
Modifying an executable file
Creating a window
Sending a custom TCP request
Unauthorized injection to a system process
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Qakbot
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/c64e795d-abfe-4e13-a1d9-2d8fa40c8b57
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/aa8fbf0411339a0acce09cebab6aea8ed00ceaec76fd92f304ee41c09a9372a4/
Threat name:
Win32.Backdoor.Quakbot
Create hunting rule
Status:
Malicious
First seen:
2022-10-27 16:42:37 UTC
AV detection:
18 of 26 (69.23%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=vkh36bargonavthattv2w2xkr3iaz2xmo36zf4ye5za4bgutoksa._file
Verdict:
malicious
Label(s):
qakbot
Create hunting rule
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/221027-s8rlbscgaq/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of WriteProcessMemory
Unpacked files
SH256 hash:
6c86377b59cfc4cdcca435c500dac79d5fe2b944b411512583cc5d9016385ce8
MD5 hash:
5ff89d90cb6d8acae76d0e38ec44d5f9
SHA1 hash:
1370360809eec0cd1bb585005ce9865f88966deb
Detections:
Qakbot
Create hunting rule
win_qakbot_auto
Create hunting rule
Link:
https://www.unpac.me/results/3ae9386c-7f7e-4601-b82b-28b32c26c3a6/
SH256 hash:
aa8fbf0411339a0acce09cebab6aea8ed00ceaec76fd92f304ee41c09a9372a4
MD5 hash:
05d1d58e3f9daec829d88069772b5e2b
SHA1 hash:
2d21c3edad10f9e964a202fd44a8e83254f27212
Link:
https://www.unpac.me/results/3ae9386c-7f7e-4601-b82b-28b32c26c3a6/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/aa8fbf0411339a0acce09cebab6aea8ed00ceaec76fd92f304ee41c09a9372a4

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/324991/

Comments