MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d6e52031d9247741776603fee48efca924bd7b9047f234c368a0ab0e84582aa0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Quakbot


Vendor detections: 4



SHA256 hash: d6e52031d9247741776603fee48efca924bd7b9047f234c368a0ab0e84582aa0
SHA3-384 hash: 01efc88cac285c74833fda69196e05ed52b51c0b7d8a6ee91b0a59ca97c41e8190d1fe151816a952d1d3989f4d62eb31
SHA1 hash: d84ec54b11c7eec0126da004685078d8d0832628
MD5 hash: 62cc17ce3cda871877e6de3a391ff2cc
humanhash: utah-stairway-december-eight
File name: ZL49.img
Signature: Quakbot
File size: 862'208 bytes
First seen: 2022-11-18 14:18:07 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 24576:VN5K8zWcCTi1QsC3bpWbYGQajBp6Pi1YWaw4:JK8I93bUbzQaNpx1Da
TLSH: T169053A23E7491B32C1A30275674F6AE6F32880B87726C660549EC1397346C759B7BBF8
TrID:
99.4% (.NULL) null bytes (2048000/1)
0.2% (.ISO) ISO 9660 CD image (5100/59/2)
0.2% (.ATN) Photoshop Action (5007/6/1)
0.0% (.BIN/MACBIN) MacBinary 1 (1033/5)
0.0% (.ABR) Adobe PhotoShop Brush (1002/3)
Reporter: mikegmcg
Tags: img qbot Quakbot

Intelligence


File Origin
# of uploads: 1
# of downloads: 199
Origin country: CA

File Archive Information

This file archive contains 5 file(s), sorted by their relevance:

File name: unquestioningly.txt
File size: 272'404 bytes
SHA256 hash: fc1a15a9ddf1d31e318a210b46a40db9443bdb64490e6e2b44034004360f13d2
MD5 hash: 86d5ef49a2a44fb301e4711b9189dabe
MIME type: text/plain
Signature: Quakbot

File name: hinged.txt
File size: 133'688 bytes
SHA256 hash: e169270da930263330e54a88edc4995b3e961fb820061a77909ef7201b940333
MD5 hash: c3c7b960df91d49c69a747ecbdd7b4db
MIME type: text/plain
Signature: Quakbot

File name: data.txt
File size: 5 bytes
SHA256 hash: 124880061f6255dd7b59b73613ea8d246648be1d34f860b753d4b390c51496d3
MD5 hash: 2e24e01ec251c8c851897724d3469520
MIME type: text/plain
Signature: Quakbot

File name: april.temp
File size: 380'928 bytes
SHA256 hash: beafeae4fa11d40d69987a45a5c654f67dbc3793f1088746771e61a2256b88e3
MD5 hash: 1096fd31db8e76378bea0602fae2754b
MIME type: application/x-dosexec
Signature: Quakbot

File name: SK.js
File size: 9'727 bytes
SHA256 hash: 0ba184cdfa520fd888599a9c62cf5e7e0a5e0a74d3cd3c7067579a8b0d93acf1
MD5 hash: 03efc266b1d7f6081c752d152267e862
MIME type: text/plain
Signature: Quakbot

Vendor Threat Intelligence

Result
Verdict: UNKNOWN
Details:
Base64 Encoded URL: Detected an ANSI or UNICODE http:// or https:// base64 encoded URL prefix.

Threat name: Win32.Spyware.Bobik
Status: Malicious
First seen: 2022-11-18 14:19:08 UTC
File Type: Binary (Archive)
Extracted files: 6
AV detection: 5 of 40 (12.50%)
Threat level: 2/5

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: meth_stackstrings
Author: Willi Ballenthin

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Quakbot

img d6e52031d9247741776603fee48efca924bd7b9047f234c368a0ab0e84582aa0

(this sample)
