MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dd333db4f622d57ab029da1159bc4e803647429e942e48e437829009c83f79af. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Quakbot


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: dd333db4f622d57ab029da1159bc4e803647429e942e48e437829009c83f79af
SHA3-384 hash: a0a26df195b93df682d91b693298961a6cac4b8b37313c8a01aecb6992f2412bb668e3186400bd3d755a367b40249860
SHA1 hash: 494af15c7d96e60bf6670509730225d5769046ad
MD5 hash: 613b346755fe1f08242d963a9d06094f
humanhash: burger-lima-robin-august
File name:44461.3827978009.bin
Download: download sample
Signature Quakbot
Create hunting rule
File size:495'616 bytes
First seen:2021-09-24 18:22:29 UTC
Last seen:2021-09-24 19:12:00 UTC
File type:DLL dll
MIME type:application/x-dosexec
imphash 55e63e10220d9780afbfa2f458c9d3dc (5 x Quakbot)
ssdeep 6144:zbqzVbbUYjG8AClk8+a05KhoSiMsJZuSsnDxeHakVqhhmaM+5Vg0nKH5PnFyunQ:fqxgYjG8ACv+pKhpsJZRXH52LMcg5n
Threatray 100 similar samples on MalwareBazaar
TLSH T125B4AF2EBED2D151C83819B9CD92C8E672387865AE18D2533AD53F3F69F74D11C4A08E
Reporter nokae8
Tags:dll obama103 Qakbot qbot Quakbot

Intelligence

File Origin
# of uploads :
2
# of downloads :
231
Origin country :
n/a
Vendor Threat Intelligence
Detection:
QakBot
Create hunting rule
Link:
https://www.capesandbox.com/analysis/191233/
Detection(s):
SecuriteInfo.com.Trojan.Win32.Sabsik.FL.Bml.16064.23414.UNOFFICIAL
Create hunting rule

Malware family:
Qakbot
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/6c343daa-b16b-4d3f-a928-323958810a6c
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/dd333db4f622d57ab029da1159bc4e803647429e942e48e437829009c83f79af/
Threat name:
Win32.Backdoor.Quakbot
Create hunting rule
Status:
Malicious
First seen:
2021-09-24 18:23:06 UTC
AV detection:
12 of 28 (42.86%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
qakbot
Create hunting rule
gozi
Create hunting rule
Similar samples:
095c41270ae3a26ae9efb626be12ed920c44432f3c8cc8ed8ee67d67425c1251
Quakbot
153862cb79a2312f54a2307460872006138a649cdac6525df1d04c093c8b1454
Quakbot
33c3a88267f341d9c5cb468ce91e6d6b656ab11ef162b782286e0307f07bee9d
Quakbot
34f2232d9aa407155dc3f4dabaf907c2656e2e5a84c98b4c8d3ed1d50e475c87
Quakbot
41f07a0bd745cd45713adc628491ed50aec7176b168ad712dcd19f67f68a729d
Quakbot
58f1d76e28cd9aa9106b011e62dc4bd4deaea9afdb66734adb2eadc5109095ff
Quakbot
5ac3a36dbb4c23e0a8b04f9d8563c2309d74f9ad9dbfdebac7929ef8552afc0a
Quakbot
63deda6fe8af221a650f6ba6a2ee6c7fec17f10bc5e063c9b0aaee4981a01150
Quakbot
8d55a54993c00a00daccdf2c7bf69978dbc0222af5b2d024e4e2043695401040
Quakbot
dbbf53b95b91d68e321e5551c8a88ef3230ca525a4de1aa5e8219d4d71212f76
Quakbot
+ 90 additional samples on MalwareBazaar
Result
Malware family:
qakbot
Create hunting rule
Score:
  10/10
Tags:
family:qakbot botnet:obama103 campaign:1632477754 banker stealer trojan
Link:
https://tria.ge/reports/210924-w1f2eahfa6/
Behaviour
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of WriteProcessMemory
Loads dropped DLL
Qakbot/Qbot
Malware Config
C2 Extraction:
136.232.34.70:443
216.201.162.158:443
92.59.35.196:2222
105.198.236.99:443
185.250.148.74:443
73.77.87.137:443
196.218.227.241:995
103.148.120.144:443
120.150.218.241:995
47.22.148.6:443
140.82.49.12:443
71.74.12.34:443
27.223.92.142:995
76.25.142.196:443
95.77.223.148:443
75.188.35.168:443
96.37.113.36:993
173.21.10.71:2222
45.46.53.140:2222
73.151.236.31:443
181.163.96.53:443
189.210.115.207:443
72.252.201.69:443
89.101.97.139:443
109.12.111.14:443
24.55.112.61:443
24.139.72.117:443
24.229.150.54:995
67.165.206.193:993
75.107.26.196:465
68.204.7.158:443
185.250.148.74:2222
68.186.192.69:443
24.152.219.253:995
50.29.166.232:995
75.67.192.125:443
24.95.61.62:443
Unpacked files
SH256 hash:
ec2f4a34195cc02eb1c2c25485b010fd385013b98b395cf690a4bc36e7ef0f7b
MD5 hash:
1e96fdf6c0dd78dda3d333945953d79c
SHA1 hash:
cc09769b6d0ba275ca3d3f8ce4bba027fb46b441
Link:
https://www.unpac.me/results/b2ec6c3e-f148-41fa-9d13-bca32674e526/
SH256 hash:
dd333db4f622d57ab029da1159bc4e803647429e942e48e437829009c83f79af
MD5 hash:
613b346755fe1f08242d963a9d06094f
SHA1 hash:
494af15c7d96e60bf6670509730225d5769046ad
Link:
https://www.unpac.me/results/b2ec6c3e-f148-41fa-9d13-bca32674e526/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/dd333db4f622d57ab029da1159bc4e803647429e942e48e437829009c83f79af

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Quakbot

DLL dll dd333db4f622d57ab029da1159bc4e803647429e942e48e437829009c83f79af

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/191233/

Comments