MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dae5768e9a2f692512613af462d3ea8d96ce9f38eee1c06ddc52cde8dec2e0a2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Quakbot

Vendor detections: 9

Intelligence 9 IOCs YARA File information Comments

SHA256 hash:	dae5768e9a2f692512613af462d3ea8d96ce9f38eee1c06ddc52cde8dec2e0a2
SHA3-384 hash:	65c264d236cc15a37a4cb7fa024b94631a9bf9286baec1294c0f13008a5e29aa7bc4a9ec4b26f12e1b857fad540307c2
SHA1 hash:	efcbf51286b489dd8e386a0fc048f68bc2da857a
MD5 hash:	4f3dff353b8e9a1717785c375cd768a5
humanhash:	emma-johnny-high-william
File name:	sardines.dat
Download:	download sample
Signature	Quakbot Create hunting rule
File size:	432'640 bytes
First seen:	2022-10-27 18:48:45 UTC
Last seen:	Never
File type:	dll
MIME type:	application/x-dosexec
imphash	fae84ade86333bc16f134b64e603e945 (8 x Quakbot)
ssdeep	12288:eqdD/sblafl4M/8toGXJZ6diNjPo8Ywr6t57AKC:eqdclafl4eGXuiNw8Ye6c
Threatray	1'606 similar samples on MalwareBazaar
TLSH	T15094E040F4A3DFF2D1BD183800B6A3631B2956260B26C9FB53848B267E747D15B3A776
TrID	32.2% (.EXE) Win64 Executable (generic) (10523/12/4) 20.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 15.4% (.EXE) Win16 NE executable (generic) (5038/12/1) 13.7% (.EXE) Win32 Executable (generic) (4505/5/1) 6.2% (.EXE) OS/2 Executable (generic) (2029/13)
Reporter	zalksec_sec
Tags:	dll Qakbot Quakbot

Intelligence

File Origin

# of uploads :

1

# of downloads :

237

Origin country :

n/a

Vendor Threat Intelligence

Detection:

QakBot

Link:

https://www.capesandbox.com/analysis/325099/

Detection(s):

SecuriteInfo.com.Win32.BotX-gen.16250.15346.UNOFFICIAL

Result

Verdict:

Suspicious

Maliciousness:

Behaviour

Searching for the window

Сreating synchronization primitives

Launching a process

Searching for synchronization primitives

Modifying an executable file

Creating a window

Unauthorized injection to a system process

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Qakbot

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/ca2ec675-eba8-4903-9ebd-a042b11caa3b

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/dae5768e9a2f692512613af462d3ea8d96ce9f38eee1c06ddc52cde8dec2e0a2/

Threat name:

Win32.Trojan.KBot

Status:

Malicious

First seen:

2022-10-27 18:41:39 UTC

File Type:

PE (Dll)

Extracted files:

1

AV detection:

19 of 40 (47.50%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=3lsxndu2f5usketbhl2gfu7krwlm5hzy53q4a3o4klg6rxwc4cra._file

Verdict:

malicious

Label(s):

qakbot

Similar samples:

540033fa84f80fb1e31c73139d2a043790a980191c5c5e4416bcfa51d4394a4f

581a2c8b97a095950c90872335e30dff1355adc48781d39f5612ed44fb477c99

9bea9743ed86d925f88d75077ef37b3a4a6a652bbdd2f0e516efdfbb94fb5e06

9ffd782dc0ff611a67170546287213e7ff90f9eff32faa573493c0b1d28b980b

aa8fbf0411339a0acce09cebab6aea8ed00ceaec76fd92f304ee41c09a9372a4

e248f7a1cbd369a2111834664fa805b489c8610e0d9b7fa506c3a1fc882dd331

+ 1'596 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/221027-xgb4sadbhj/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: MapViewOfSection

Suspicious use of WriteProcessMemory

Unpacked files

SH256 hash:

baa91a527959cfd2e01eaade2bd307fb3395a4e0487f72317495c5b83acda4f4

MD5 hash:

04766da11c5de3a07f2f9012e3441b21

SHA1 hash:

15ea8ad3423f3df2791181b296e8c6c2ef42207d

Detections:

Qakbot

win_qakbot_auto

Link:

https://www.unpac.me/results/c86e41ef-e07c-4744-ae0f-f94fca78fb82/

SH256 hash:

dae5768e9a2f692512613af462d3ea8d96ce9f38eee1c06ddc52cde8dec2e0a2

MD5 hash:

4f3dff353b8e9a1717785c375cd768a5

SHA1 hash:

efcbf51286b489dd8e386a0fc048f68bc2da857a

Link:

https://www.unpac.me/results/c86e41ef-e07c-4744-ae0f-f94fca78fb82/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/dae5768e9a2f692512613af462d3ea8d96ce9f38eee1c06ddc52cde8dec2e0a2

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Distributed via e-mail link

Cape

Cape

https://www.capesandbox.com/analysis/325099/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample