MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bdba7177f8e75e073c0043151b69a2f9bb33421df85bf1ce1537ea6ed980cdc2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Quakbot


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bdba7177f8e75e073c0043151b69a2f9bb33421df85bf1ce1537ea6ed980cdc2
SHA3-384 hash: 5b75e9f348627575926c6389ef5cce577a9cea59e77edb617157cf7925e174250122a428a863c873c4a310a9fa0cfcbf
SHA1 hash: 78888e514256c48ddf217f62313901b344cc7596
MD5 hash: fecb664d433bed61e682bc44184622f5
humanhash: five-fifteen-football-virginia
File name:ORDER009984834.lzh
Download: download sample
Signature Quakbot
Create hunting rule
File size:556'751 bytes
First seen:2020-10-13 09:31:11 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:MBxRyWhdUhrzGJhPi7usCz1KTnKchjpoWEGE9kj6dd0DFQ/:MzRB0PCPi7usCJH2S59q6fGM
TLSH EEC4239096CBA41201DCF613A95A216C39C9E71FE91D4CCFA5C8DBE0D05896CF9E2CF6
Reporter cocaman
Tags:lzh Quakbot


Avatar
cocaman
Malicious email (T1566.001)
From: "sales <arktex@cyber.net.pk>"
Received: "from webmail.cyber.net.pk (mail.cyber.net.pk [203.101.175.37]) "
Date: "Tue, 13 Oct 2020 16:03:55 +0800"
Subject: "RFQ"
Attachment: "ORDER009984834.lzh"

Intelligence

File Origin
# of uploads :
1
# of downloads :
83
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/bdba7177f8e75e073c0043151b69a2f9bb33421df85bf1ce1537ea6ed980cdc2/
Threat name:
Win32.Trojan.Bulz
Create hunting rule
Status:
Malicious
First seen:
2020-10-13 09:33:04 UTC
File Type:
Binary (Archive)
Extracted files:
21
AV detection:
7 of 48 (14.58%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=xw5hc57y45paopaaimkrw2nc7g5tgqq57bn7dtqvg7vg5wmazxba._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/bdba7177f8e75e073c0043151b69a2f9bb33421df85bf1ce1537ea6ed980cdc2

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Quakbot

rar bdba7177f8e75e073c0043151b69a2f9bb33421df85bf1ce1537ea6ed980cdc2

(this sample)

Quakbot

Executable exe 1ef19274dbacbf0db57108d6d05f25b92eba6e563350c67bac58f07244fe54d7

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 1ef19274dbacbf0db57108d6d05f25b92eba6e563350c67bac58f07244fe54d7

Comments