MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d3527a29989b0d6122e692660c965b9120c0e1ef680601ae64fe2b5d31c9b1c6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Quakbot


Vendor detections: 3


Intelligence 3 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d3527a29989b0d6122e692660c965b9120c0e1ef680601ae64fe2b5d31c9b1c6
SHA3-384 hash: ab7ab27ef2cfa40decb088e382b7154b9db00907f3c2216ac57efd9ac35d43758cd0787be2764a57f4cb14863c31406d
SHA1 hash: e6444ca2fb057266485e74d957d8b403b4eddecc
MD5 hash: 9912f6a13b3410fbfa187697f61a9270
humanhash: rugby-hydrogen-dakota-india
File name:Gall1223072780.zip
Download: download sample
Signature Quakbot
Create hunting rule
File size:419'938 bytes
First seen:2022-10-03 15:15:50 UTC
Last seen:Never
File type: zip
MIME type:application/zip
Note:This file is a password protected archive. The password is: R871
ssdeep 6144:XAwDCCVU9QC29kk9AeULo6IaNKbfMof++1NQY1U0TDItM3rD0OYOFHFHJYYB:wwPVU9QVBAmo2MoG+1t22zrfFlHJYYB
TLSH T1719423C5BFAF787ECE1311E3D59C91347AA681DD71174D29A33E246900C5820BABF63A
TrID 80.0% (.ZIP) ZIP compressed archive (4000/1)
20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter pr0xylife
Tags:BB pw R871 Qakbot Quakbot zip

Intelligence

File Origin
# of uploads :
1
# of downloads :
251
Origin country :
n/a
File Archive Information

This file archive contains 8 file(s), sorted by their relevance:

File name:purge.jpg
File size:35'477 bytes
SHA256 hash: a11b700babdc7b22bdaa833790716b432e82c9e196aaaab344bd6d4efeb7e94c
MD5 hash: 0b9167d578ddd702bb820640ed0f1a95
MIME type:image/jpeg
Signature Quakbot
File name:thrusters.txt
File size:125'131 bytes
SHA256 hash: 6384ac1ca3aa1e5b0135231e362af6f34b1a3b82b1282268d0d9241a20a5d9e5
MD5 hash: a754896e91e5bb19211368939ea012b4
MIME type:text/plain
Signature Quakbot
File name:pebbles.dat
File size:493'056 bytes
SHA256 hash: 1965dc57456d4fc01b6ce0f242d80776fe08a16354e6177255cba618348355ac
MD5 hash: d89521adaf6418e6ebe43b1a1a9d2af9
MIME type:application/x-dosexec
Signature Quakbot
File name:grandparents.txt
File size:256'512 bytes
SHA256 hash: 9fe812c674791b472e17f062c9f94200d558fc6fc85f851cce0e06b4eecf3eef
MD5 hash: 045925086490cb719cecc322e1b05603
MIME type:text/plain
Signature Quakbot
File name:depredating.txt
File size:177'177 bytes
SHA256 hash: bdfb4cdb6191e3cf7214c077dee595b42372a6d1d36001d1427ded9e38b86973
MD5 hash: ef9b0c9024a61d59a0c5bbd34d298416
MIME type:text/plain
Signature Quakbot
File name:perfunctorinessRehash.vbs
File size:237 bytes
SHA256 hash: c84838381dfad99dc6e26f0e413a38611feea4e8530abcee1b4260b82076551d
MD5 hash: f0d4ad5f3317320f8b85d38062a79008
MIME type:text/plain
Signature Quakbot
File name:Contract.lnk
File size:1'305 bytes
SHA256 hash: 6ec0ba7e0db0e097c729bf9cf80b270f0d8f7e7314cec7bf30b8c644f866e584
MD5 hash: c86d26c6773f581a96cc5198ee12830e
MIME type:application/octet-stream
Signature Quakbot
File name:irritationTemperateness.cmd
File size:61 bytes
SHA256 hash: ec9bed0d3bd243ae4db1d4c27642a363fa4f98dd13017f230cce0fb7324ed24b
MD5 hash: 5392444aa205e2fadda8b3c3daddb2ac
MIME type:text/x-msdos-batch
Signature Quakbot
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.62493711.308.6120.UNOFFICIAL
Create hunting rule

Gathering data
Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/d3527a29989b0d6122e692660c965b9120c0e1ef680601ae64fe2b5d31c9b1c6
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d3527a29989b0d6122e692660c965b9120c0e1ef680601ae64fe2b5d31c9b1c6/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=2njhukmytmgwcixgsjtazfs3seqmbyppnadadlte7yvv2mojwhda._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/d3527a29989b0d6122e692660c965b9120c0e1ef680601ae64fe2b5d31c9b1c6

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:cobalt_strike_tmp01925d3f
Create hunting rule
Author:The DFIR Report
Description:files - file ~tmp01925d3f.exe
Reference:https://thedfirreport.com
Rule name:PassProtected_ZIP_ISO_file
Create hunting rule
Author:_jc
Description:Detects container formats commonly smuggled through password-protected zips
Rule name:pdb_YARAify
Create hunting rule
Author:@wowabiy314
Description:PDB

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Quakbot

zip d3527a29989b0d6122e692660c965b9120c0e1ef680601ae64fe2b5d31c9b1c6

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2340784/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2304031/

Comments