MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e1f670924bf0dac3e239d0acb5d9cc8fc83c9d8f927dbf758ad01a0bdffdbe63. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Quakbot


Vendor detections: 8



SHA256 hash: e1f670924bf0dac3e239d0acb5d9cc8fc83c9d8f927dbf758ad01a0bdffdbe63
SHA3-384 hash: 41a74d0030450da56a6ba3a060b2fbde1d02b36fdd50d320330faf3b04c94fa55264f6481a12ea3312772c3a44ac8e73
SHA1 hash: 3f43297e3e92d6215c8dc80c037c881d386b8449
MD5 hash: 1a34300167850dfda41365dcaf2098c6
humanhash: grey-mexico-seventeen-purple
File name: 01.png
Signature: Quakbot
File size: 364'994 bytes
First seen: 2023-02-09 14:59:27 UTC
Last seen: 2023-02-09 16:39:48 UTC
File type: DLL
MIME type: application/x-dosexec
imphash 0cc8ba71b98afd867de0195f0d6030f9 (5 x Quakbot)
ssdeep 6144:c8HwSJZ88IKeVSi5CHvJITRTcKY+UC6vmtmHkRCoqd0WGCFrV0grgBv/:c8HwSJG83i5CPqTCKY+cORqdKCFx08A
TLSH T1B6747E16A60394F6C8573AB31297E1DF3A24A709C4105F6EDFB81C24FBB6900E57936B
TrID 32.2% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
20.5% (.EXE) Win64 Executable (generic) (10523/12/4)
12.8% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
9.8% (.EXE) Win16 NE executable (generic) (5038/12/1)
8.7% (.EXE) Win32 Executable (generic) (4505/5/1)
Reporter: proxylife
Tags: 1675872307 BB14 dll Qakbot Quakbot

Intelligence


File Origin
# of uploads: 2
# of downloads: 233
Origin country: CA
Vendor Threat Intelligence
Result
Verdict: Clean
Maliciousness:
Verdict: Suspicious
Threat level: 5/10
Confidence: 67%
Tags: anti-debug overlay packed
Result
Verdict: UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Backdoor.Quakbot
Status: Malicious
First seen: 2023-02-09 15:00:09 UTC
File Type: PE (Dll)
AV detection: 16 of 26 (61.54%)
Threat level: 5/5
Verdict: malicious
Label(s):
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SHA256 hash:
e1f670924bf0dac3e239d0acb5d9cc8fc83c9d8f927dbf758ad01a0bdffdbe63
MD5 hash:
1a34300167850dfda41365dcaf2098c6
SHA1 hash:
3f43297e3e92d6215c8dc80c037c881d386b8449
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
