MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cd512637972d159d9ed4a6e92f095f57851558c5ea17a5c1d11f7137f00b2223. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Quakbot

Vendor detections: 4



SHA256 hash: cd512637972d159d9ed4a6e92f095f57851558c5ea17a5c1d11f7137f00b2223
SHA3-384 hash: fbd026eaf754dbef7192c4c26c37fc42e871ebf41ed55022ed0e2b4c52292fb05bb353661ae0bcf35bc3d4c8e5dde305
SHA1 hash: bb8667794b7ae7b87413dea0d723df71cc216328
MD5 hash: d13a380cd83f60d23af0aec42767cc98
humanhash: salami-comet-mountain-king
File name: Refusal-196312897-10062020.zip
Signature: Quakbot
File size: 31'121 bytes
First seen: 2020-10-08 06:11:48 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 768:vV6RO/Ch5jUkS760nkVIlyJ2MXy5/eZUFk6i3swChUaD:vt/6jsnkV0vJ5D
TLSH: 38D2F1907163FA6574E80CE1D9022E7061F4814339FDD7B881F49F7A536ACE9DA07687
Reporter: abuse_ch
Tags: 1and1 abc015 LLC MILKY PUT Qakbot qbot Quakbot zip


abuse_ch
Malspam distributing Quakbot:

HELO: mout.kundenserver.de
Sending IP: 212.227.126.135
From: <dkempf@lestonnac.chevreul-lyon.org>
Subject: Re: Website Enquiry
Attachment: Refusal-196312897-10062020.zip (contains "Refusal-196312897-10062020.xls")

Quakbot payload URL:
http://contra-banned.com/ekiofyqq/530340.png

Quakbot C2s:
71.163.222.203:443
166.62.183.139:2078
65.131.32.110:995
117.215.192.15:443
77.31.120.194:995
173.245.152.231:443
181.91.252.68:443
2.51.221.138:995
86.126.108.242:2222
59.96.167.189:443
80.240.26.178:443
84.117.176.32:443
72.204.242.138:32102
197.133.16.204:443
71.221.92.98:443
191.84.8.255:443
98.16.204.189:995
72.186.1.237:443
2.50.159.48:2222
70.124.29.226:443
66.208.105.6:443
69.40.16.109:443
151.73.118.54:443
173.70.165.101:995
96.227.127.13:443
199.116.241.147:443
71.126.139.251:443
109.93.11.111:995
80.14.209.42:2222
184.21.136.237:443
207.255.161.8:993
47.44.217.98:443
71.187.170.235:443
78.97.3.6:443
190.220.8.10:443
108.46.145.30:443
184.97.132.62:443
45.77.193.83:443
98.26.50.62:995
199.247.22.145:443
45.32.155.12:443
155.186.9.160:443
96.30.198.161:443
41.230.209.248:443
207.246.75.201:443
65.30.213.13:6882
72.204.242.138:990
208.99.100.129:443
72.204.242.138:443
24.71.28.247:443
108.5.34.248:443
70.168.130.172:995
103.238.231.40:443
73.228.1.246:443
86.126.17.13:443
217.162.149.212:443
108.191.28.158:443
207.255.161.8:995
24.122.0.90:443
188.27.178.166:443
184.180.157.203:2222
72.204.242.138:53
79.115.145.186:2222
93.113.177.152:443
45.32.154.10:443
74.109.219.145:443
172.78.30.215:443
67.60.113.253:2222
24.139.132.70:443
61.230.5.67:443
66.215.32.224:443
89.137.211.239:443
178.87.45.114:443
24.27.82.216:2222
2.50.57.36:443
186.6.203.170:443
141.158.47.123:443
80.195.103.146:2222
134.228.24.29:443
72.204.242.138:32100
100.4.173.223:443
66.26.160.37:443
24.234.86.201:995
2.7.65.32:2222
72.190.101.70:443
207.255.161.8:443
217.165.96.127:990
207.255.18.67:443
72.28.255.159:995
72.204.242.138:50001
86.177.171.45:2222
95.179.247.224:443
199.247.16.80:443
188.25.96.68:443
117.218.208.239:443
156.213.145.107:443
95.77.223.148:443
71.19.217.23:443
188.247.252.243:443
72.66.47.70:443
71.12.214.209:2222
188.27.199.113:2222
35.134.202.234:443
75.136.26.147:443
165.0.182.63:995
70.174.20.7:443
68.225.60.77:443
2.50.131.64:443
66.222.88.126:995
77.27.174.49:995
68.14.210.246:22
50.244.112.106:443
184.98.103.204:995
72.204.242.138:20
96.18.240.158:443
93.149.253.201:2222
103.206.112.234:443
74.105.52.200:443
188.25.130.161:443
31.215.193.110:443
90.175.88.99:2222
216.201.162.158:443
74.75.237.11:443
75.136.40.155:443
24.37.178.158:443
5.193.181.221:2078
203.106.195.67:443
71.217.125.53:2222
203.198.96.200:443
144.139.47.206:443
67.170.137.8:443
67.8.103.21:443
173.22.125.129:2222
81.133.234.36:2222
190.85.91.154:443
71.80.66.107:443
96.243.35.201:443
59.26.204.144:443
89.42.142.35:443
41.97.44.46:443
24.43.22.220:993
68.13.99.24:443
84.232.238.30:443
41.36.61.159:995
197.210.96.222:995
69.11.247.242:443
2.88.12.102:995
47.138.201.136:443
185.19.190.81:443

Intelligence


File Origin
# of uploads: 1
# of downloads: 179
Origin country: n/a

Vendor Threat Intelligence
Threat name: Script.Trojan.Heuristic
Status: Malicious
First seen: 2020-10-07 22:13:12 UTC
AV detection: 4 of 48 (8.33%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: Quakbot
  zip cd512637972d159d9ed4a6e92f095f57851558c5ea17a5c1d11f7137f00b2223 (this sample)
Dropping: Quakbot
Delivery method: Distributed via e-mail attachment

Comments