MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bc7f8a0c0173cdb7fe20372bc4ed888006702d7882dd8a12d619afd70fbf1024. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Quakbot

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	bc7f8a0c0173cdb7fe20372bc4ed888006702d7882dd8a12d619afd70fbf1024
SHA3-384 hash:	f09e305b43953f1ad3ee30e26416d6aeb52b962d85d55486abd79c6bb468923f880fc37be77b27672da9955a56e5feb2
SHA1 hash:	c5c2f158ae750b9ef94763d484dfef2925a16f62
MD5 hash:	f4d01a3dfebf02d1f312629b8b4d4c64
humanhash:	fourteen-twenty-two-diet
File name:	Sjeq7vH8HEmx.js
Download:	download sample
Signature	Quakbot Create hunting rule
File size:	359'893 bytes
First seen:	2023-06-14 07:44:04 UTC
Last seen:	Never
File type:	js
MIME type:	text/plain
ssdeep	6144:bSfr0dh2tgcH6YTkM0cNRcpZwg/EBQ+8N/ygD1pRbRlrO/qOl8ThS:bSfrSh2tgcH6YTkMXRcpZwg/QQ+I/ygG
TLSH	T1C07421496A45E0F09237B37BCA178420FA6B1E5B1084C936B97C51586F3D85C7EBBEC8
Reporter	JAMESWT_WT
Tags:	js Quakbot

Intelligence

File Origin

# of uploads :

1

# of downloads :

284

Origin country :

IT

Vendor Threat Intelligence

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Link:

https://www.filescan.io/uploads/64896fff2df0889bde9ff601/reports/71e6d378-8eef-47b8-8aea-f7d9d9336231/overview

Verdict:

Suspicious

Labled as:

JS/Agent.QVM trojan

Link:

https://www.hybrid-analysis.com/sample/bc7f8a0c0173cdb7fe20372bc4ed888006702d7882dd8a12d619afd70fbf1024

Result

Verdict:

UNKNOWN

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/bc7f8a0c0173cdb7fe20372bc4ed888006702d7882dd8a12d619afd70fbf1024/

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=xr7yudabopg3p7rag4v4j3miqadhallyqloyuewwdgx5od57casa._file

Result

Malware family:

n/a

Score:

8/10

Tags:

n/a

Link:

https://tria.ge/reports/230614-jkvteaef8z/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

Checks computer location settings

Blocklisted process makes network request

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/bc7f8a0c0173/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/bc7f8a0c0173cdb7fe20372bc4ed888006702d7882dd8a12d619afd70fbf1024

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

js bc7f8a0c0173cdb7fe20372bc4ed888006702d7882dd8a12d619afd70fbf1024

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/2659348/

Delivery method

Distributed via web download

URLhaus

https://urlhaus.abuse.ch/url/2659296/

URLhaus

https://urlhaus.abuse.ch/url/2659255/

URLhaus

https://urlhaus.abuse.ch/url/2659426/

URLhaus

https://urlhaus.abuse.ch/url/2659989/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample