MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b85eb83c1741e2347d5eddb443ac59202028c6eb6b56b105d13dfb9a86fd08f6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b85eb83c1741e2347d5eddb443ac59202028c6eb6b56b105d13dfb9a86fd08f6
SHA3-384 hash: c3b72379efd7ed2c74bdc23d5909690986e9564c1ffcb407faf654e9f01cb910bafe3342384e0c4a0b964ebf7465fca5
SHA1 hash: 88153d13b99bd67c8bcb0c1c0e4406c93e165c0f
MD5 hash: b9c39e7e2002e6ff858e716c51a8c583
humanhash: twelve-tennis-paris-arizona
File name:aaa.exe
Download: download sample
File size:163'840 bytes
First seen:2022-02-09 00:18:48 UTC
Last seen:2022-02-09 01:51:04 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 4753904c40d638a1bc745c65b88291d5 (1 x Zexa, 1 x ArkeiStealer)
ssdeep 3072:Mp/DpDDpGDpaDpDDp8DpDDpLDpDDp8DpDDpaDpDDp8DpDDpCDpDDp8DpDDpa:2/VDVGVaVDV8VDVLVDV8VDVaVDV8VDVs
Threatray 1 similar samples on MalwareBazaar
TLSH T106F37E43A5CCB576CB9B02372A94DA3811E82190D7484B02FBFD397ABFC6AD1358E355
Reporter adm1n_usa32
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
164
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
aaa.exe
Verdict:
Malicious activity
Analysis date:
2022-02-09 00:17:06 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/0bd91929-be89-44c9-b72b-274d9f0db025

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/239014/
Detection(s):
PUA.Win.Packer.Upx-4
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Creating a file
DNS request
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/6414/overview
Behaviour
MalwareBazaar
SystemUptime
EvasionGetTickCount
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
overlay packed
Link:
https://www.filescan.io/uploads/620309044077c8b9a02373a2/reports/c1d67a63-4247-4462-b659-3f9c01d11a20/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/4cd9b7b0-d9f6-4788-b3a7-e51b93bdb350
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/936506
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b85eb83c1741e2347d5eddb443ac59202028c6eb6b56b105d13dfb9a86fd08f6/
Threat name:
Win32.Backdoor.Quakbot
Create hunting rule
Status:
Malicious
First seen:
2022-02-02 19:45:00 UTC
File Type:
PE (Exe)
Extracted files:
39
AV detection:
36 of 43 (83.72%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
cc6297f7df4aca6dceda00c9812e06d20a3967924d4260df6909c1a86e36b415
Result
Malware family:
n/a
Score:
  8/10
Tags:
upx
Link:
https://tria.ge/reports/220209-al88ragghp/
Behaviour
Suspicious use of AdjustPrivilegeToken
Drops file in Windows directory
Unpacked files
SH256 hash:
b85eb83c1741e2347d5eddb443ac59202028c6eb6b56b105d13dfb9a86fd08f6
MD5 hash:
b9c39e7e2002e6ff858e716c51a8c583
SHA1 hash:
88153d13b99bd67c8bcb0c1c0e4406c93e165c0f
Link:
https://www.unpac.me/results/0b87d23c-864e-46fa-b257-cb63d110015f/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe b85eb83c1741e2347d5eddb443ac59202028c6eb6b56b105d13dfb9a86fd08f6

(this sample)

anyrun
any.run
https://app.any.run/tasks/0bd91929-be89-44c9-b72b-274d9f0db025
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/239014/

Comments