MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e23e0ba2a1ae66ff85a3a2b28f489ec73fb5e6748b2acf33458e78eda5c3feb3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Quakbot


Vendor detections: 9

SHA256 hash: e23e0ba2a1ae66ff85a3a2b28f489ec73fb5e6748b2acf33458e78eda5c3feb3
SHA3-384 hash: 6f92285968ec74073e17093ede775665b2829ed9f469a473dc4a5a444f7acd64a770289618950014e62c267a3a3067f8
SHA1 hash: d0d081d0165b4dbf990818a1df3b12b70024e666
MD5 hash: f4f59297e0af010789eb4cb152e2bafd
humanhash: twenty-oscar-finch-lake
File name: Paul Sehnert Tax Docs.zip
Signature: Quakbot
File size: 3'817'397 bytes
First seen: 2026-02-04 11:35:55 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 49152:QQXwEgLvO6qrDwKB5TCVtNqEAuoFzGdIMdLdK6mOV2RVHUAq2xGYnmJae8G8flZI:QQUvurDbUlK6mi2RVHmAl5uiI6OavG
TLSH: T1C2063366E5E74B0361CDDBE3522EFAD1612509F8074BD868E38D29970DA081DF9CBF06
Magika: zip
Reporter: smica83
Tags: Quakbot xworm zip

Intelligence

File Origin
# of uploads: 1
# of downloads: 141
Origin country: HU

File Archive Information

This file archive contains 6 file(s), sorted by their relevance:

File name: Form 2848 Paul-protected.pdf
File size: 50'049 bytes
SHA256 hash: cc9f4f27543747d727e218566874ce268a58bfc046b20df53edd92cdb4cfd5f1
MD5 hash: 0cf2385b58292c8309256f8888419c16
MIME type: application/pdf
Signature: Quakbot

File name: CamScanner 09-02-2025 09.25-protected.pdf
File size: 3'257'135 bytes
SHA256 hash: d95e413e59052c9d9d3d591089da6021c05e7578d7e70faa260e1bc62013f85f
MD5 hash: c94b8fc8a8b2294c32dc84f9bafc2d6c
MIME type: application/pdf
Signature: Quakbot

File name: Form 843-protected.pdf
File size: 54'093 bytes
SHA256 hash: 1e98db5874724feb356581e59b512a065046607d645aaf34b379e687f0453a58
MD5 hash: bbba96edc92174a762a57d3af194f2ed
MIME type: application/pdf
Signature: Quakbot

File name: 2024 1040 Tax Return (S PAUL)-protected.pdf
File size: 395'723 bytes
SHA256 hash: 76f0895587a5c6197296fcaab6362f92e433bc07b46b867030a0cb9cd1ee4af8
MD5 hash: a6016b017c9a43f8b36f48f4db8d28c2
MIME type: application/pdf
Signature: Quakbot

File name: 2024 Wks dinergysolutions AGI-protected.pdf
File size: 93'235 bytes
SHA256 hash: 112a45c1b615ec69107cb631029d0cb82c4436f4a68e2316a7c2dcf7641b575e
MD5 hash: 7750385b5a82758b4f360b08ec8de009
MIME type: application/pdf
Signature: Quakbot

File name: Password.txt.lnk
File size: 1'362 bytes
SHA256 hash: 19787a5865b695ccec4f7584e31281ecdf5ec17b8d6f7c9d5d7c1f959b724704
MD5 hash: 8fd0dfc4b32e53a7cdfc9d07cfb02479
MIME type: application/octet-stream
Signature: Quakbot
Vendor Threat Intelligence

Verdict: Malicious
Score: 91.7%
Tags: infosteal overt hype

Verdict: Unknown
Threat level: 2.5/10
Confidence: 100%
Tags: encrypted

Result
Verdict: MALICIOUS
Details: Document With Few Pages
Document contains between one and three pages of content. Most malicious documents are sparse in page count.

Verdict: Malicious
File Type: zip
First seen: 2026-02-04T00:32:00Z UTC
Last seen: 2026-02-04T10:00:00Z UTC
Hits: ~10

Verdict: Malware
YARA: 3 match(es)
Tags: LNK LNK: Script Execution Malicious MSHTA T1218 T1218.005 Zip Archive

Threat name: Win32.Trojan.Suschil
Status: Malicious
First seen: 2026-02-03 00:39:44 UTC
File Type: Binary (Archive)
Extracted files: 6
AV detection: 9 of 24 (37.50%)
Threat level: 5/5

Result
Malware family:
Score: 10/10
Tags: family:xworm adware defense_evasion discovery execution persistence ransomware rat spyware trojan
Behaviour:
Checks processor information in registry
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
System Location Discovery: System Language Discovery
Malware Config
C2 Extraction:
steinsgroup.org:48384
Dropper Extraction:
http://lucupeet.navelyandco.com
https://terazosine.fit/KAGBLCPMDJUJHWZKFKNG

Please note that we are no longer able to provide a coverage score for VirusTotal.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: Download_in_LNK
Author: @bartblaze
Description: Identifies download artefacts in shortcut (LNK) files.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments


commented on 2026-02-04 13:37:19 UTC

Related:
