MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ac99b1d6fa6746b9a2e89f404e88a7fc249daf9cda5bb1f1639371cd36379237. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Quakbot


Vendor detections: 5



SHA256 hash: ac99b1d6fa6746b9a2e89f404e88a7fc249daf9cda5bb1f1639371cd36379237
SHA3-384 hash: ed883c310f41b8e3086e9c99cdcc42bf177e5162a4475baabbe25f8f37c5ea89392a9287e3c54f090fd00a4316f9c211
SHA1 hash: d1d9c420c4b06e33f4bd8b84f740be04db035fc4
MD5 hash: e351d66cd0103864d9fdb439a451b253
humanhash: december-arizona-football-uranus
File name: user.dat
Signature: Quakbot
File size: 528'384 bytes
First seen: 2022-12-22 19:07:12 UTC
Last seen: Never
File type: DLL dll
MIME type: application/x-dosexec
imphash: d0ce5a8d5d0f4fa36cbdd8035bad1ebc (4 x Quakbot)
ssdeep: 12288:+ihnctArBgRprvbiIIAuz19n26pmpmlCO:HnqAyprvbiIIAuRUmxf
Threatray: 1'873 similar samples on MalwareBazaar
TLSH: T11BB4D01172E39175EC9742B1201E5F3DEFF97A2046779C9B4F9804C12F249A2EB3664B
TrID:
  31.0% (.EXE) InstallShield setup (43053/19/16)
  22.5% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
  11.9% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
  9.4% (.SCR) Windows screen saver (13097/50/3)
  7.5% (.EXE) Win64 Executable (generic) (10523/12/4)
Reporter: malwarelabnet
Tags: dll obama232 Qakbot Quakbot

Intelligence


File Origin
# of uploads: 1
# of downloads: 188
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Clean
Maliciousness: Gathering data
Result
Verdict: UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Backdoor.Quakbot
Status: Malicious
First seen: 2022-12-22 16:35:11 UTC
File Type: PE (Dll)
AV detection: 10 of 26 (38.46%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SHA256 hash: ac99b1d6fa6746b9a2e89f404e88a7fc249daf9cda5bb1f1639371cd36379237
MD5 hash: e351d66cd0103864d9fdb439a451b253
SHA1 hash: d1d9c420c4b06e33f4bd8b84f740be04db035fc4
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
