MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f37d3c915b896922eed07327ecc8b944fcab1445d20c02c26c5aab8d91473b45. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Quakbot

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	f37d3c915b896922eed07327ecc8b944fcab1445d20c02c26c5aab8d91473b45
SHA3-384 hash:	7f6d0a96e728a2a6b5a64f91804e03a4912e3e6132eb35b7a0817f1785ddce857339be60f9bdde53454b01b50972df97
SHA1 hash:	dde03f2c98486a795ba4163a77a364e454a5d3ea
MD5 hash:	ec1510d68a43ffbdcd8bbadb4e30a5c9
humanhash:	robert-princess-blue-red
File name:	Ndsob.js
Download:	download sample
Signature	Quakbot Create hunting rule
File size:	201'946 bytes
First seen:	2023-05-18 14:18:26 UTC
Last seen:	Never
File type:	js
MIME type:	text/plain
ssdeep	1536:8p7zZMOVxyyMW3GLhZSVqvWMLDzM1giLoCO+ZqxelA5ZqQAiE2kWBSKJT4pbxKI1:WziCxyyG7+u+cxeqWFWBSKZ4pbpgc7
TLSH	T1CA14769843D124715B1B7D756B30A8A99BBD1E7482C8878BF49F7394F6CED8CC8E0621
Reporter	JaffaCakes118
Tags:	Quakbot

Intelligence

File Origin

# of uploads :

1

# of downloads :

103

Origin country :

GB

Vendor Threat Intelligence

Detection(s):

Sanesecurity.Malware.29031.BadJs.UNOFFICIAL

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

lolbin obfuscated powershell wscript

Link:

https://www.filescan.io/uploads/646633db210b83e7c0c7f32d/reports/e3e9fad4-62ca-4a92-89f7-a9fce376dd32/overview

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/f37d3c915b896922eed07327ecc8b944fcab1445d20c02c26c5aab8d91473b45

Result

Verdict:

MALICIOUS

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/f37d3c915b896922eed07327ecc8b944fcab1445d20c02c26c5aab8d91473b45/

Threat name:

Script-JS.Trojan.Cryxos

Status:

Malicious

First seen:

2023-05-17 19:03:30 UTC

File Type:

Text (JavaScript)

AV detection:

5 of 37 (13.51%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=6n6tzek3rfusf3wqomt6zsfzit6kwfcf2igafqtmlkvy3ekhhncq._file

Result

Malware family:

n/a

Score:

8/10

Tags:

n/a

Link:

https://tria.ge/reports/230518-rmtywscd73/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

Checks computer location settings

Blocklisted process makes network request

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/f37d3c915b89/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/f37d3c915b896922eed07327ecc8b944fcab1445d20c02c26c5aab8d91473b45

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

js f37d3c915b896922eed07327ecc8b944fcab1445d20c02c26c5aab8d91473b45

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/2632728/

Delivery method

Distributed via web download

URLhaus

https://urlhaus.abuse.ch/url/2635651/

URLhaus

https://urlhaus.abuse.ch/url/2633698/

URLhaus

https://urlhaus.abuse.ch/url/2632677/

URLhaus

https://urlhaus.abuse.ch/url/2634599/

URLhaus

https://urlhaus.abuse.ch/url/2632689/

URLhaus

https://urlhaus.abuse.ch/url/2633873/

URLhaus

https://urlhaus.abuse.ch/url/2634577/

URLhaus

https://urlhaus.abuse.ch/url/2635896/

URLhaus

https://urlhaus.abuse.ch/url/2634133/

URLhaus

https://urlhaus.abuse.ch/url/2635671/

URLhaus

https://urlhaus.abuse.ch/url/2634596/

URLhaus

https://urlhaus.abuse.ch/url/2633716/

URLhaus

https://urlhaus.abuse.ch/url/2635600/

URLhaus

https://urlhaus.abuse.ch/url/2634530/

URLhaus

https://urlhaus.abuse.ch/url/2633979/

URLhaus

https://urlhaus.abuse.ch/url/2634167/

URLhaus

https://urlhaus.abuse.ch/url/2635880/

URLhaus

https://urlhaus.abuse.ch/url/2633859/

URLhaus

https://urlhaus.abuse.ch/url/2634989/

URLhaus

https://urlhaus.abuse.ch/url/2634744/

URLhaus

https://urlhaus.abuse.ch/url/2633950/

URLhaus

https://urlhaus.abuse.ch/url/2635039/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample