MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e2effc53e2a9bf240961d89a45e2c9aff71f724e078acca5c6c57bd861383042. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Quakbot

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	e2effc53e2a9bf240961d89a45e2c9aff71f724e078acca5c6c57bd861383042
SHA3-384 hash:	7b80fcad9bc95bbb80667ee22fa31e50e86b4bf8370fcb0a7355cf9cccd1e9e5ba36945c2d3c6015f93e7a1a81fc2c3a
SHA1 hash:	128c454b6501963df8b1763a15965ff299d50bd6
MD5 hash:	1146a4a3859b456b89a0776e911b15ff
humanhash:	king-venus-december-minnesota
File name:	twinges.dat
Download:	download sample
Signature	Quakbot Create hunting rule
File size:	432'640 bytes
First seen:	2022-10-27 19:17:08 UTC
Last seen:	Never
File type:	dll
MIME type:	application/x-dosexec
imphash	fae84ade86333bc16f134b64e603e945 (8 x Quakbot)
ssdeep	12288:eqdD/sblafl4M/8toGXJZ6diNjoo8Ywr6t57AKC:eqdclafl4eGXuiND8Ye6c
Threatray	1'609 similar samples on MalwareBazaar
TLSH	T19F94E040F4A3DFF2D1BD183800B6A3631B2956260B26C9FB53848B267E747D15B3A776
TrID	32.2% (.EXE) Win64 Executable (generic) (10523/12/4) 20.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 15.4% (.EXE) Win16 NE executable (generic) (5038/12/1) 13.7% (.EXE) Win32 Executable (generic) (4505/5/1) 6.2% (.EXE) OS/2 Executable (generic) (2029/13)
Reporter	zalksec_sec
Tags:	dll Qakbot Quakbot

Intelligence

File Origin

# of uploads :

1

# of downloads :

242

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/325109/

Detection(s):

SecuriteInfo.com.Win32.BotX-gen.16250.15346.UNOFFICIAL

Result

Verdict:

Suspicious

Maliciousness:

Behaviour

Сreating synchronization primitives

Launching a process

Searching for synchronization primitives

Modifying an executable file

Creating a window

Unauthorized injection to a system process

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Qakbot

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/20985bd9-ce6f-4375-92ec-a8d68eb6799e

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/e2effc53e2a9bf240961d89a45e2c9aff71f724e078acca5c6c57bd861383042/

Threat name:

Win32.Trojan.KBot

Status:

Malicious

First seen:

2022-10-27 20:30:28 UTC

File Type:

PE (Dll)

Extracted files:

1

AV detection:

19 of 40 (47.50%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=4lx7yu7cvg7siclb3cnelywjv73r64soa6fmzjogyv55qyjygbba._file

Verdict:

malicious

Label(s):

qakbot

Similar samples:

540033fa84f80fb1e31c73139d2a043790a980191c5c5e4416bcfa51d4394a4f

62b5cb0be9e42ed5628cf0bcbc7a159ac89668933c887796d2201e5eb4c2ca76

9bea9743ed86d925f88d75077ef37b3a4a6a652bbdd2f0e516efdfbb94fb5e06

aa8fbf0411339a0acce09cebab6aea8ed00ceaec76fd92f304ee41c09a9372a4

dae5768e9a2f692512613af462d3ea8d96ce9f38eee1c06ddc52cde8dec2e0a2

de45d7beb1e0231bf22e41bbb01a4ebccb6a2607787c48533fb53159bd44cf72

e248f7a1cbd369a2111834664fa805b489c8610e0d9b7fa506c3a1fc882dd331

+ 1'599 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/221027-xzxs7sdag6/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: MapViewOfSection

Suspicious use of WriteProcessMemory

Unpacked files

SH256 hash:

1b7287d4194f9a2b91b63b7b20124dcb6445bebe94038cf05e18f08e6f081582

MD5 hash:

458842141cfce4e96827b348867a4643

SHA1 hash:

178341cfa8f5ba72fd8a0f409d4dcdc2719f8d40

Detections:

Qakbot

win_qakbot_auto

Link:

https://www.unpac.me/results/3e9f2042-675c-44ab-bcb6-74ff2672adf0/

SH256 hash:

e2effc53e2a9bf240961d89a45e2c9aff71f724e078acca5c6c57bd861383042

MD5 hash:

1146a4a3859b456b89a0776e911b15ff

SHA1 hash:

128c454b6501963df8b1763a15965ff299d50bd6

Link:

https://www.unpac.me/results/3e9f2042-675c-44ab-bcb6-74ff2672adf0/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/e2effc53e2a9bf240961d89a45e2c9aff71f724e078acca5c6c57bd861383042

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Distributed via e-mail link

Cape

Cape

https://www.capesandbox.com/analysis/325109/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample