MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 df7d37e6f80a6c6523fce69a2379639aa599662aa9c59cba57159c6328b8728b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Quakbot


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: df7d37e6f80a6c6523fce69a2379639aa599662aa9c59cba57159c6328b8728b
SHA3-384 hash: b9b30438303d8640f591094d95b77d6c42a33ae939f0f8134b9168f35cea852118688f22b7f58a22b4d958f376de7180
SHA1 hash: abaac11135f4cbdceb4a5d087429ae2af949969f
MD5 hash: bbe2eb88514b3eab5df64003cd942f84
humanhash: mexico-ack-edward-steak
File name:845735.dat
Download: download sample
Signature Quakbot
Create hunting rule
File size:790'016 bytes
First seen:2023-02-09 17:59:39 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash e62ccf1e5c561da53ca2f798bfd5b608 (5 x Quakbot)
ssdeep 24576:/H81smt4vyVjXe1ikZdtjMsc7MscXMscktkTNd8uB:kefBtkf8
Threatray 1'938 similar samples on MalwareBazaar
TLSH T104F43A2AFA0191F9ED1200F2950FFBFB54342B394C65CCDBE2441EADBBB5D60511AB1A
TrID 37.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
20.0% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
12.7% (.EXE) Win64 Executable (generic) (10523/12/4)
7.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
6.1% (.EXE) Win16 NE executable (generic) (5038/12/1)
Reporter malwarelabnet
Tags:dll Quakbot

Intelligence

File Origin
# of uploads :
1
# of downloads :
195
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/362942/
Result
Verdict:
Clean
Maliciousness:
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
anti-debug packed shell32.dll
Link:
https://www.filescan.io/uploads/63e534a513286ddce30b596b/reports/7f009f3f-59dd-4512-9419-d15969927abb/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/df7d37e6f80a6c6523fce69a2379639aa599662aa9c59cba57159c6328b8728b
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/e22f858f-c3a9-4a9d-b85a-20cb68daa9b1
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/1170339
Signature
Sigma detected: Execute DLL with spoofed extension
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 803133 Sample: 845735.dat.dll Startdate: 09/02/2023 Architecture: WINDOWS Score: 48 34 Sigma detected: Execute DLL with spoofed extension 2->34 8 loaddll32.exe 1 2->8         started        process3 process4 10 cmd.exe 1 8->10         started        12 rundll32.exe 8->12         started        14 rundll32.exe 8->14         started        16 7 other processes 8->16 process5 18 rundll32.exe 10->18         started        20 WerFault.exe 6 9 12->20         started        22 WerFault.exe 9 14->22         started        24 WerFault.exe 9 16->24         started        26 WerFault.exe 16->26         started        28 WerFault.exe 16->28         started        30 2 other processes 16->30 process6 32 WerFault.exe 19 11 18->32         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/df7d37e6f80a6c6523fce69a2379639aa599662aa9c59cba57159c6328b8728b/
Threat name:
Win32.Backdoor.Quakbot
Create hunting rule
Status:
Malicious
First seen:
2023-02-09 18:00:07 UTC
File Type:
PE (Dll)
AV detection:
9 of 26 (34.62%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=356tpzxybjwgki7442ncg6ldtkszszrkvhczzosxcwoggkfyokfq._file
Verdict:
malicious
Label(s):
qakbot
Create hunting rule
Similar samples:
022d1d6da141529bf2f6357fa466603d8544b4151d0d4534cd51c3e05d1dd1d5
Quakbot
057a01850c142230544710ea363b2af54cd5ddbf299a103e10e9d3cbbee6f021
Quakbot
4506cd463975098bdcad837059aefb8bfee00200e1eae25c6ebfaff14f564f2c
Quakbot
69fc127cf404c0a8126d1489b099d67bef28852d47c0854d85d0df1ea9d7e903
Quakbot
70d8f263a41bc7606968ed192e027338c7ff63a1dc80675b039cfac2861bcebc
Quakbot
73c6b431eb5a92719ba406a765d011aa709234af3675e9de4eff9c5f9edd3fe3
Quakbot
cb1f3849fd8c7ed11de44087378ef7fb4a4f060ed7d5222d044a12d07c1c4fff
Quakbot
cc97293401b033700c6ca626147931a8955262cf4203c0ecfa80a9d7d4b572d6
Quakbot
e1f670924bf0dac3e239d0acb5d9cc8fc83c9d8f927dbf758ad01a0bdffdbe63
Quakbot
f89369a40c56332a7dcdd526491216f9125697221b9655c0dfb7a418e183b496
Quakbot
+ 1'928 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/230209-wla7lsef67/
Behaviour
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SH256 hash:
df7d37e6f80a6c6523fce69a2379639aa599662aa9c59cba57159c6328b8728b
MD5 hash:
bbe2eb88514b3eab5df64003cd942f84
SHA1 hash:
abaac11135f4cbdceb4a5d087429ae2af949969f
Link:
https://www.unpac.me/results/0c67761a-692c-4440-8de2-37d359aa7621/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/df7d37e6f80a6c6523fce69a2379639aa599662aa9c59cba57159c6328b8728b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/362942/

Comments