MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e62a7453020148080614f7bd81ae3c316b1655b60845606120a6d671c5aaac43. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Quakbot


Vendor detections: 6



SHA256 hash: e62a7453020148080614f7bd81ae3c316b1655b60845606120a6d671c5aaac43
SHA3-384 hash: a175ffc3e9815c45b498f1f2e635238da40cdf3d0f124ac83942172679f2ad486ab13c9889817954012a0c2a2731e03c
SHA1 hash: 139cd866212c22969c94b87b93387d3bdda022ec
MD5 hash: 7fbfd99f2917c9b8d4fc25ca873c9268
humanhash: oscar-lion-spring-october
File name: clamouring.img
Signature: Quakbot
File size: 798'720 bytes
First seen: 2023-02-28 21:48:54 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep 12288:nlt0Seoid4jxZKlpKkPnMMiNWk11BhkWvSqY4zvmjOwJIT2:ltNe5kxZKl8QigiPk0hmOhT
TLSH T11305AEA8A75809B6DD63637ED802C651C6357820431312DBB2EC9A7F7B439D8633DF29
TrID:
98.8% (.NULL) null bytes (2048000/1)
0.5% (.WAR) Warcraft II game data archive (12007/4/6)
0.2% (.ISO) ISO 9660 CD image (5100/59/2)
0.2% (.ATN) Photoshop Action (5007/6/1)
0.0% (.BIN/MACBIN) MacBinary 1 (1033/5)
Reporter: malware_traffic
Tags: BB17 img Qakbot qbot Quakbot

Intelligence


File Origin
# of uploads: 1
# of downloads: 177
Origin country: US
File Archive Information

This file archive contains 10 file(s), sorted by their relevance:

File name: GeneticsIntemperablyLeelang.lnk
File size: 1'441 bytes
SHA256 hash: 13a2ad0e9bdd19b574677f1f66a9d0fe10fcb8ba1e36017f697c3eebc7e24c45
MD5 hash: c2f08bff0b6682f658ab746b8d15f5ef
MIME type: application/octet-stream
Signature: Quakbot

File name: undatedCynophilic.txt
File size: 11'058 bytes
SHA256 hash: 9e6b1a4934137c5ad257799ab41449084d824dc5c28b88204c45865ce2c46914
MD5 hash: 65fd9583bf51a6e707bd002f5403021f
MIME type: text/plain
Signature: Quakbot

File name: MegadontismUnpilled.RFv
File size: 13'307 bytes
SHA256 hash: 221fb5ff0bb54c1c419d66652ef4b8a2ce55af43ee36bedf15d30fe71a92084b
MD5 hash: c545b91557a404e6e9afd081640ceafa
MIME type: text/x-ms-regedit
Signature: Quakbot

File name: Longbows.read
File size: 11'025 bytes
SHA256 hash: 7e3dae6f00632037e47517329fcb91f8f349259118a046b3742c53ac1f8ed482
MD5 hash: c0e5fe8044ae6baedb1de3ab1189f08b
MIME type: text/plain
Signature: Quakbot

File name: DogfennelArmour.wsf
File size: 307'792 bytes
SHA256 hash: 3a011f05b7e45c75b93a0faccc90f6d39202c8ba3b94e2b4ad9ee04de01dfac8
MD5 hash: c3914b0bdfbfc111aac0be6e7ddbb925
MIME type: text/plain
Signature: Quakbot

File name: unspiritual.Iezq
File size: 11'722 bytes
SHA256 hash: 32987a9ad5f5c4a45a16de1e66d10711c97eb6cf27366e92a9a960df8a49d1e0
MD5 hash: 57315721c0819d5bd9537ba2721da44a
MIME type: text/x-ms-regedit
Signature: Quakbot

File name: remerged.jpeg
File size: 65'011 bytes
SHA256 hash: 1da1809ce0debe5fe6a94ecdf42d942ba0e472895d36b75f1e3f84785bf0ba9a
MD5 hash: 0a95166e1e71102f1f7b442e57c8fd1e
MIME type: image/jpeg
Signature: Quakbot

File name: fishboatBarometrography.readme
File size: 11'054 bytes
SHA256 hash: 0cf9bf04cf683514a22c04ad3a204c0561d24c0e8e790cdc3cb87897f38d3e07
MD5 hash: adf060ce758df69c1376906975b9a27d
MIME type: text/plain
Signature: Quakbot

File name: AmphiboliticFolklorish.exe
File size: 289'792 bytes
SHA256 hash: b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450
MD5 hash: 8a2122e8162dbef04694b9c3e0b6cdee
MIME type: application/x-dosexec
Signature: Quakbot

File name: Earlier.cmd
File size: 717 bytes
SHA256 hash: b19ac50edda7d743a960d9e0ec61d4fa4558a2b21e7373fa1e19be8b3bcfb9c7
MD5 hash: 4c0b21388077beb5e6ea874fb5f341bb
MIME type: text/x-msdos-batch
Signature: Quakbot

Vendor Threat Intelligence

Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: context-iso greyware

Result
Verdict: MALICIOUS
Details:
Base64 Encoded Powershell Directives: Detected one or more base64 encoded Powershell directives.
Base64 Encoded URL: Detected an ANSI or UNICODE http:// or https:// base64 encoded URL prefix.

Threat name: Win32.Trojan.Isolink
Status: Suspicious
First seen: 2023-02-28 15:42:32 UTC
File Type: Binary (Archive)
Extracted files: 30
AV detection: 5 of 34 (14.71%)
Threat level: 5/5

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: INDICATOR_SUSPICIOUS_Stomped_PECompilation_Timestamp_InTheFu
Author: ditekSHen
Description: Detect executables with stomped PE compilation timestamp that is greater than local current time

Rule name: iso_lnk
Author: tdawg

Rule name: QbotStuff
Author: anonymous

Rule name: SUSP_EXE_in_ISO
Author: SECUINFRA Falcon Team
Description: Detects ISO files that contains an Exe file. Does not need to be malicious
Reference: Internal Research

Rule name: SUSP_VBS_in_ISO
Author: SECUINFRA Falcon Team
Description: Detects ISO files that contain VBS functions
Reference: Internal Research

File information


The table below shows additional information about this malware sample such as delivery method and external references.
