MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ddfdea461d680e418e972dca65c46f61dbd5c173e770fb29e118ebeaa59091b6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Quakbot


Vendor detections: 3



SHA256 hash: ddfdea461d680e418e972dca65c46f61dbd5c173e770fb29e118ebeaa59091b6
SHA3-384 hash: 1088944cfee8ac469401278368186f9f0d59f98d751353ba7656c7bfe097b2fbde7847b33ba8c7e30100487a83741a4d
SHA1 hash: 718eb82c145ea432380a43ccca5a1e36b57a37b0
MD5 hash: 74624940c90f4262a498e687efad98d7
humanhash: queen-fruit-wolfram-vegan
File name: Detail7.zip
Signature: Quakbot
File size: 392'735 bytes
First seen: 2022-10-27 15:47:19 UTC
Last seen: Never
File type: zip
MIME type: application/zip
Note: This file is a password protected archive. The password is: PG1
ssdeep: 6144:7ARdYIYyeGYO8Ilg6va95QJI+REf/OV8ZsobxFkVH9/2wNfHSu5M/K/FbdRRyA8N:7ARddY5Otg6v++/AxFkVd/2wNfHY/yRs
TLSH: T18984239A3C29D0ACC53C0992D99CCDBC9B183B8C4E6D5DEF99ADC32C51CA189D735B80
TrID: 80.0% (.ZIP) ZIP compressed archive (4000/1); 20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter: proxylife
Tags: 1666863946 BB04 pw-PG1 Qakbot Quakbot zip

Intelligence


File Origin
# of uploads: 1
# of downloads: 191
Origin country: n/a

File Archive Information

This file archive contains 5 file(s), sorted by their relevance:

File name: replicates.txt
File size: 126'540 bytes
SHA256 hash: 08eec7ede502b333a499cdc80d1458261d58dfb35a54439f8c40dd77aea78edd
MD5 hash: 6da8a70cb43360a0f0b50aac3bd49b79
MIME type: text/plain
Signature: Quakbot

File name: pewee.dat
File size: 432'640 bytes
SHA256 hash: aa8fbf0411339a0acce09cebab6aea8ed00ceaec76fd92f304ee41c09a9372a4
MD5 hash: 05d1d58e3f9daec829d88069772b5e2b
MIME type: application/x-dosexec
Signature: Quakbot

File name: plod.txt
File size: 119'874 bytes
SHA256 hash: ac2d04eba7f7b9a89896abb172dd3b41bc94e590f46e1d3991df15fce02dfc32
MD5 hash: 5c3005ab02cc526fce33d0cc11dd2adc
MIME type: text/plain
Signature: Quakbot

File name: Details.lnk
File size: 1'787 bytes
SHA256 hash: 2784c03200d3c43355592b61dd453215f0774c77b887c4f3937ee89920a79162
MD5 hash: a5490601021e4b34bda79dfae956811a
MIME type: application/octet-stream
Signature: Quakbot

File name: forerunners.cmd
File size: 387 bytes
SHA256 hash: 3bfa5906ef079c608d1b513bea0130c395c319998265fdcd3d34e31a326e0c2d
MD5 hash: f9fdc0dab2ef111da25d41e8c2cddcc5
MIME type: text/x-msdos-batch
Signature: Quakbot

Vendor Threat Intelligence
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: PassProtected_ZIP_ISO_file
Author: _jc
Description: Detects container formats commonly smuggled through password-protected zips

File information


The table below shows additional information about this malware sample such as delivery method and external references.
