MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e0258e4d45a488bfa45356a5bc55080d7ecc273cd0c1cb7556960427fba9c23f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Quakbot


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e0258e4d45a488bfa45356a5bc55080d7ecc273cd0c1cb7556960427fba9c23f
SHA3-384 hash: d44691c38c78da4d82a196b4038a2606ded99fac4bd6130e382594d3d06d0d6a9dbc92d5156de68e28289e0981a87fc0
SHA1 hash: f48ed000f0706a5bb8e9819478aacfdbe99211ad
MD5 hash: 190753b3288cb60dbb034db366c18a15
humanhash: spaghetti-uranus-apart-four
File name:44607.dat
Download: download sample
Signature Quakbot
Create hunting rule
File size:1'761'280 bytes
First seen:2023-02-03 14:20:24 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash a3432b773266dde6a100dba767517009 (9 x Quakbot)
ssdeep 24576:zrj3nPW3ednWPiT8VTBqcATV8KIyydLXGcq8z+0uaEYmgEJ/tc1:T3nCeCiT8aHxyM18z+XatEJ1
Threatray 3'039 similar samples on MalwareBazaar
TLSH T18C85AD0242CC129AF14D3B78243C1F7FD3BBB7A87B19634E9654B8A9AFAB7D34115600
TrID 37.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
20.0% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
12.7% (.EXE) Win64 Executable (generic) (10523/12/4)
7.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
6.1% (.EXE) Win16 NE executable (generic) (5038/12/1)
File icon (PE):PE icon
dhash icon 0000000000000000 (872 x AgentTesla, 496 x Formbook, 296 x RedLineStealer)
Reporter pr0xylife
Tags:dll obama236 Qakbot Quakbot

Intelligence

File Origin
# of uploads :
1
# of downloads :
240
Origin country :
DE DE
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/359933/
Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Verdict:
No Threat
Threat level:
  2/10
Confidence:
100%
Tags:
greyware packed shell32.dll
Link:
https://www.filescan.io/uploads/63dd18512d4f6d560e2420dd/reports/43435eea-d21d-45ec-987c-c36f1a91df85/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/e0258e4d45a488bfa45356a5bc55080d7ecc273cd0c1cb7556960427fba9c23f
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/1e8a4bb7-7e18-4534-bd8d-824040a6ccf6
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/1165151
Signature
Sigma detected: Execute DLL with spoofed extension
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 797923 Sample: 44607.dat.dll Startdate: 03/02/2023 Architecture: WINDOWS Score: 48 31 Sigma detected: Execute DLL with spoofed extension 2->31 8 loaddll32.exe 1 2->8         started        process3 process4 10 cmd.exe 1 8->10         started        12 rundll32.exe 8->12         started        14 rundll32.exe 8->14         started        16 7 other processes 8->16 process5 18 rundll32.exe 10->18         started        20 WerFault.exe 17 9 12->20         started        23 WerFault.exe 9 14->23         started        25 WerFault.exe 2 9 16->25         started        dnsIp6 27 WerFault.exe 7 9 18->27         started        29 192.168.2.1 unknown unknown 20->29 process7
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e0258e4d45a488bfa45356a5bc55080d7ecc273cd0c1cb7556960427fba9c23f/
Threat name:
Win32.Trojan.BotX
Create hunting rule
Status:
Malicious
First seen:
2023-02-03 14:21:09 UTC
File Type:
PE (Dll)
Extracted files:
4
AV detection:
16 of 26 (61.54%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=4asy4tkfusel7jctk2s3yviibv7myjz42da4w5kwsyccp65jyi7q._file
Verdict:
malicious
Label(s):
qakbot
Create hunting rule
Similar samples:
1b1a6b891687bea71774e3f1776b73fee79602f960eb9cae891ad2c5acb277cf
Quakbot
26975798246161199b20263f3793e1c6d56299c0a881c6dfcd4bc9b753b75212
Quakbot
26a5c35034800e786a979358b4cd86cc15ddef9abdf711fd2d3cd38ba59ee4c2
Quakbot
284f0fabbdfc1172cb1cbf74473321668c4b31789d93158669f6735bec124817
Quakbot
2e698c8ff8399eaf27d2dda8fed11d151fcf4d723715468fe1dcc298ac32aa36
Quakbot
3de82b2ddaafc7205365b88a5033be0260b97946dfeb10372b9d4c1db7f59c22
Quakbot
57f86a03dcb2a9ebdd6d7184201cef6ba9d70f57aa524682857d4e7a27ec57ae
Quakbot
845900fb58adf3e8b086c9517dfc5deeaefb5e6be80606b8e93c21502d2fe44c
Quakbot
c259bf6cdeab63308fdcd798420eb4cc01505602210388a17d8b276112fd3956
Quakbot
cfef52c6925ba86878bf04f20ad3561de1f0bd0bec7a3719a677c397a29bd934
Quakbot
+ 3'029 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/230203-rnz7asff78/
Behaviour
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SH256 hash:
e0258e4d45a488bfa45356a5bc55080d7ecc273cd0c1cb7556960427fba9c23f
MD5 hash:
190753b3288cb60dbb034db366c18a15
SHA1 hash:
f48ed000f0706a5bb8e9819478aacfdbe99211ad
Link:
https://www.unpac.me/results/c00cde7b-c939-4858-b8da-f005b90cb65f/
Malware family:
QBot
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/e0258e4d45a4/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/e0258e4d45a488bfa45356a5bc55080d7ecc273cd0c1cb7556960427fba9c23f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/359933/

Comments