MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c5a272896e6a8ffce6c06d64923a3eb3d281e76924f796c350e0e0e2c1f5c939. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Quakbot


Vendor detections: 5



SHA256 hash: c5a272896e6a8ffce6c06d64923a3eb3d281e76924f796c350e0e0e2c1f5c939
SHA3-384 hash: 276b44e913098144de42fcfb4df2eddd98494d811e5769d962d479633ab6df3ae31218c9781d71e9537342e470396988
SHA1 hash: e14cd6c76cade1db3f4d4d05d9ab86bd655acb85
MD5 hash: 6e21df18a71f68b0ebe337fed1210e98
humanhash: venus-artist-hawaii-lamp
File name: 6e21df18a71f68b0ebe337fed1210e98.dll
Signature: Quakbot
File size: 838'088 bytes
First seen: 2021-01-21 07:07:24 UTC
Last seen: Never
File type: DLL dll
MIME type: application/x-dosexec
ssdeep: 6144:x2qOhcKhxwFnxxAhlVIinaOK+BSpZyw9ZXXXXXXXXXXX9:xeRqxx2VIOjK+U6w9T
TLSH: 4605FEDD09B4427FE48C39F90C179BE5AE0EE3D9524E50EE89E39624814EEF7841A533
Reporter: abuse_ch
Tags: dll Qakbot qbot Quakbot

Intelligence


File Origin
# of uploads: 1
# of downloads: 161
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Clean
Maliciousness:

Behaviour
Sending a UDP request
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Trojan.Generic
Status: Suspicious
First seen: 2021-01-21 07:08:07 UTC
AV detection: 13 of 46 (28.26%)
Threat level: 5/5
Verdict: unknown
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
Suspicious use of WriteProcessMemory
Unpacked files
SHA256 hash: c5a272896e6a8ffce6c06d64923a3eb3d281e76924f796c350e0e0e2c1f5c939
MD5 hash: 6e21df18a71f68b0ebe337fed1210e98
SHA1 hash: e14cd6c76cade1db3f4d4d05d9ab86bd655acb85
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Sample relations: Web download; Quakbot; DLL dll c5a272896e6a8ffce6c06d64923a3eb3d281e76924f796c350e0e0e2c1f5c939 (this sample)

Delivery method: Distributed via web download
